You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > 120: Getting Started with PolicyPak (Misc) > Knowledge Base > 07: PolicyPak & Change Management Utilities > 01: Does PolicyPak Replace or Augment Group Policy Change Management tools (like Microsoft AGPM, Quest GPOADmin, or similar tools)?
01: Does PolicyPak Replace or Augment Group Policy Change Management tools (like Microsoft AGPM, Quest GPOADmin, or similar tools)?
print icon

What do Group Policy Change Management Tools “do”?

Tools like Microsoft AGPM, Quest GPOADmin, Quest Active Administrator, and/or NetIQ GPA are all similar tools with the same function and all fall into the category of “Group Policy Change Control” tools.

These Group Policy Change Control tools attempt to solve a few problems:

  • Check In/ Check out of a GPO
  • Offline Creation
  • Workflow management around a GPO lifecycle
  • Quick restore a GPO if it goes wrong or gets deleted
  • History / Comparison of a GPO over time

 

These tools require a database (or something similar) to store GPOs and their backups, and the history of what has transpired.

 

What does PolicyPak do?

PolicyPak on the other hand has different goals with a tiny overlap. PolicyPak’s goals are:

  • More management of each endpoint
  • Removing local admin rights
  • Better management of USB / removable devices
  • Windows 10 / 11 management advances
  • Reporting on if a GPO “Made it there” to your endpoints
  • Using PolicyPak Cloud or and MDM service if you don’t want to use Group Policy at all

PolicyPak works alongside these Group Policy Change Management tools. When you make PolicyPak directives inside a GPO, PolicyPak writes the same data that Microsoft would. So PolicyPak nicely tucks into any existing Group Policy Change Management tool you already use.

You can see examples of PolicyPak working nicely alongside Group Policy Change Management tools here:

1. https://kb.policypak.com/kb/article/1028-policypak-and-agpm/

2. https://kb.policypak.com/kb/article/1029-policypak-and-quest-s-gpoadmin-tool/

3. https://kb.policypak.com/kb/article/1037-policypak-integrates-with-netiq-gpa/

4. https://kb.policypak.com/kb/article/1030-04-policypak-and-quest-scriptlogic-activeadministrator/

 

Where do Group Policy Change Management tools and PolicyPak overlap?

 

However, one area of PolicyPak and Group Policy Change Management tools overlap is in expressing the history of changes in a GPO.

When PolicyPak data is written to a GPO we nicely store:

  • WHO changed something in a PolicyPak GPO and
  • WHICH computer was used to change something in a PolicyPak GPO
  • WHEN something changed in a PolicyPak GPO and

What PolicyPak doesn’t store is:

  • WHAT changed in a PolicyPak GPO
  • DIFFERENCES of what changed in a PolicyPak GPO over time

You can see two examples of PolicyPak items which some changes where you can see WHO, WHEN and WHAT COMPUTER these changes were made from.

and another example from another PolicyPak component...

You can see how PolicyPak stores WHO, WHICH and WHEN details in this video: https://kb.policypak.com/kb/article/1236-policypak-mmc-showing-history-of-items-you-create/

PolicyPak isn’t trying to compete with a Group Policy Change Management tool, like Microsoft AGPM or Quest GPO Manager because those tools are able to:

  • Check In/ Check out a GPO.
  • Offline Creation of the policy first.
  • Quick restore a GPO if it goes wrong or gets deleted
  • Demonstrate History / Comparison of those changes over time

 

Using Netwrix Auditor to determine Group Policy Changes Over Time

That being said if you wish to use a Netwrix product to show you changes to Group Policy over time you should use Netwrix Auditor which is able to capture changes to any GPO including Microsoft and PolicyPak changes. An example can be seen below from Netwrix Auditor:

 

Feedback
0 out of 0 found this helpful

scroll to top icon