| || |
Join Date: May 2008
Re: SCE managed computers group policy
If you can log on with Domain Administrator or Group Policy Administrator credentials when configuring Essentials 2007, any computers running Essentials 2007 components or agents are configured automatically. Selecting the Group Policy option directs Essentials 2007 to make the following changes to the domain:
- An Active Directory group is created.
- The Essentials 2007 Management Server is added to the Active Directory group.
- Two Group Policy objects (GPOs) are created.
- One GPO is targeted at ĎAll Computersí Active Directory group and contains both the Secure Socket Layer (SSL) and Windows Server Update Services (WSUS) certificates and Windows Firewall settings.
- The other GPO is specifically targeted at Essentials 2007 managed computers. This GPO is applied to the Active Directory group created by Essentials 2007, and contains settings related to WSUS, Agentless Exception Monitoring (AEM), and Remote Assistance.
- A domain-level object, System Center Essentials Managed Computers (Active Directory computer group), is created.
- A domain-level object, SCE Managed Computers Group Policy, is created and added to the Access Control List (ACL) of the System Center Essentials Managed Computers group.
- A domain-level object, System Center Essentials All Computers Policy, is created. This object's Group Policy applies to computers in the domain.
When a computer is added to the Active Directory group, a task is performed automatically that refreshes the computer's group membership. Managed computers receive all the required settings through Group Policy automatically.