Department GPO Tools

Owned by Geoff Nelson
Last updated: Dec 12, 2024
7 min read

The Department GPO Tools allow departments to create and manage Group Policy Objects using a convenient and easy to use web interface.

 

There are two roles within the tool: OU Owner, GPO Administrator.

Role

Available Actions

How Someone Falls into Scope of the Role

Role

Available Actions

How Someone Falls into Scope of the Role

OU Owner

When a Department OU is created, the requestor provides a list of the initial OU Owners.

Department OU Owners can edit (add/remove) owners of the Department OU.

If a Department falls in the scenario where there are no valid OU Owners (for example, all of the owners are former staff), the owners can be updated by one of the following processes:

  • The Head of the Department submits a request to the AD team, specifying the EIDs of the new OU Owners.

  • IT staff member from the department contacts the ISO who will review it and then submit a request to the AD team, specifying the EIDs of the new OU Owners.

GPO Administrator

GPO Administrators can create, delete, and manage a Department’s GPOs.

A Department OU Owner sets the GPO Administrators.

 

In addition, Department OU Owners are considered GPO Administrators by the Tool’s permission model even if not explicitly declared as GPO Administrators.

GPO EdITOR

GPO Editors have permission to edit a Department’s GPOs.

GPO Editors have no permissions within the Department GPO Tools.

GPO Editors must be Departmental user accounts (Not EIDs.)

A Department OU Owner sets the GPO Editors.

View GPO Administrators OU Owner

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the OU Owners section, click on GPO Admins Group.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. The current GPO Administrators are listed under Current GPO Administrators.

Add GPO Administrators OU Owner

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the OU Owners section, click on GPO Admins Group.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Under Enter the EID to Add, enter the EID of the person you want to add to the GPO Administrators for your Department.
    GPO Administrators must be current faculty, staff or students.
    Optionally check the Exact Match checkbox if you have entered the exact EID to search on.
    (For example, when searching abc1 with the checkbox unchecked, the search results will include abc1, abc12, abc123, etc.).

  5. Click the Check Names button.

The search will only return the EIDs of current faculty, staff, and students.

  1. Select the desired user in the Search Results.

  2. Click the Add New Admin button.

Remove GPO Administrators OU Owner

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the OU Owners section, click on GPO Admins Group.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Under Current GPO Administrators, select the user that you want to remove.

  5. Click the Remove Selected Admin button.

View GPO Editors OU Owner

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the OU Owners section, click on GPO Admins Group.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. The current GPO Editors are listed under Current GPO Editors.

Add GPO Editors OU Owner

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the OU Owners section, click on GPO Admins Group.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Under Enter the Native AD account or Group to Add, enter the name of a Departmental user or a group containing only Departmental users (no EIDs) that want to add to the GPO Administrators for your Department.
    Optionally check the Exact Match checkbox if you have entered the exact EID to search on.
    (For example, when searching abc1 with the checkbox unchecked, the search results will include abc1, abc12, abc123, etc.).

  5. Click the Check Names button.

The search will not return EIDs or any group that contains EIDs. GPO Editors must only be Departmental user accounts.

  1. Select the desired user or group in the Search Results.

  2. Click the Add New Editor button.

Remove GPO Editors OU Owner

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the OU Owners section, click on GPO Editors Group.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Under Current GPO Editors, select the user that you want to remove.

  5. Click the Remove Selected Editor button.

Create GPO GPO Administrator

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the GPO Administrators section, click on Create GPO.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Under GPO Name, enter the name for the new GPO that you are creating. Note that the name is automatically prefixed with the Department OU Name followed by a dash.
    (You do not need to enter the DEPT- prefix when setting the GPO Name.)

  5. Optionally provide a description for the new GPO under Description.

  6. Click the Create GPO button.

Copy GPO GPO Administrator

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the GPO Administrators section, click on Copy GPO.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Under Select a GPO to Copy, select the GPO that you want to copy.
    By default, only the selected Department’s GPOs are shown. Check the Show all GPOs on the AD Domain checkbox to see all GPOs in the domain if you want to copy another Department’s GPO.

  5. Under Enter the name for the copy, enter the name for the new GPO that you are creating. Note that the name is automatically prefixed with the Department OU Name followed by a dash.
    (You do not need to enter the DEPT- prefix when setting the GPO Name.)

  6. Click the Copy GPO button.

Rename GPO GPO Administrator

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the GPO Administrators section, click on Rename GPO.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Under Select a GPO to Rename, select the GPO that you want to rename.
    Optionally check the Find all GPOs with AAD Trustee's checkbox to include GPOs where permissions exist for a <DEPT>- user, indicating the GPO was likely created outside the Department GPO Tools. These GPOs may not be named correctly.

  5. Under Enter the new name for the GPO, provide the new name for the GPO. Note that the name is automatically prefixed with the Department OU Name followed by a dash.
    (You do not need to enter the DEPT- prefix when setting the GPO Name.)

  6. Click the Rename GPO button.

Delete GPO GPO Administrator

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the GPO Administrators section, click on Delete GPO.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Under Select a GPO to Delete, select the GPO that you want to delete.
    Optionally check the Find all GPOs with <DEPT>Trustee's checkbox to include GPOs where permissions exist for a <DEPT>- user, indicating the GPO was likely created outside the Department GPO Tools.

  5. Click the Delete GPO button.

Only GPOs without links can be deleted. If the GPO is currently linked anywhere, the Delete GPO button will be greyed out. You must first unlink it before deleting it.
This limitation is a precaution against adverse effects caused by accidentally deleting the wrong GPO or a GPO incorrectly thought of as not in use.

Reset GPO Permissions GPO Administrator

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the GPO Administrators section, click on Reset GPO Permissions.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Next to Select a GPO, select the GPO that you want to reset the permissions on.
    Optionally check the Find all GPOs with <DEPT>Trustee's checkbox to include GPOs where permissions exist for a <DEPT>- user, indicating the GPO was likely created outside the Department GPO Tools. These GPOs may not have the desired permissions set.

  5. Click the Reset Permissions button.

Show GPO Information GPO Administrator

  1. Log into the Department GPO Tools on https://www.austin.utexas.edu/deptgpotools.

  2. From the menu on the left side of the page, under the GPO Administrators section, click on Show GPO Information.

  3. Select the desired Department OU from the Select a Department OU drop down list.

  4. Next to Select a GPO, select the GPO that you want to view information for.
    Optionally check the Find all GPOs with <DEPT>Trustee's checkbox to include GPOs where permissions exist for a <DEPT>- user, indicating the GPO was likely created outside the Department GPO Tools.
    Optionally check the Show Sub-Links checkbox to show all GPOs linked to the OU(s) where the selected GPO is linked.

Confluence Documentation | Web Privacy Policy | Web Accessibility