Common Secondary Tab Features
Each secondary tab has two sections—Group Policy objects and Groups and Users.
Group Policy objects section
The Group Policy objects section displays a filtered list of Group Policy objects (GPOs) and identifies the following characteristics for each GPO:
| GPO Characteristic | Description |
|---|---|
Name |
Name of the Group Policy object. |
Computer (Comp.) |
Automatically generated version of the Computer Configuration portion of the GPO. |
User |
Automatically generated version of the User Configuration portion of the GPO. |
State |
The state of the selected GPO:
|
GPO Status |
The Computer Configuration and the User Configuration can be managed separately. The GPO Status indicates which portions of the GPO are enabled. |
WMI Filter |
Display any WMI filters that are applied to this GPO. WMI filters are managed under the WMI Filters node for the domain in the console tree of the GPMC. |
Modified |
For a controlled GPO, the most recent date when it was checked in after being modified or checked out to be modified. For an uncontrolled GPO, the date when it was last modified. |
Owner |
The Editor who checked in or the Approver who deployed the selected GPO. |
Uncontrolled: Not managed by AGPM.
Checked In: Available for authorized Editors to check out for editing or for a Group Policy administrator to deploy.
Checked Out: Currently being edited. Unavailable for other Editors to check out until the Editor who checked it out or an AGPM Administrator checks it in.
Pending: Awaiting approval from a Group Policy administrator before being created, controlled, deployed, or deleted.
Template: A static version of a GPO for use as a starting point when creating new GPOs.
Template (default): By default, this template is the starting point used when creating a new GPO.
Groups and Users section
When a GPO is selected, the Groups and Users section displays a list of the groups and users with access to that GPO. The allowed permissions and inheritance are displayed for each group or user. An AGPM Administrator can configure permissions using either standard AGPM roles (Editor, Approver, and Reviewer) or a customized combination of permissions.
| Button | Effect |
|---|---|
Add |
Add a new entry to the security descriptor. Any user or group in Active Directory can be added. |
Remove |
Remove the selected entry from the Access Control List. |
Properties |
Display the properties for the selected object. The properties page is the same one displayed for an object in Active Directory Users and Computers. |
Advanced |
Open the Access Control List Editor. |
Additional considerations
- For information about roles and permissions related to specific tasks, see the tasks under Performing AGPM Administrator Tasks, Performing Editor Tasks, Performing Approver Tasks, and Performing Reviewer Tasks.
Additional references