Advanced Group Policy Management (AGPM) is part of the Microsoft Desktop Optimization Pack (MDOP). As the name implies, AGPM enables much more advanced control over Group Policy than the standard Group Policy Management Console. For example, AGPM enables you to edit GPOs in a staging environment and then deploy the changes to production, with rollback capabilities. AGPM enables change control so that tracking and auditing can occur.
AGPM can use role-based delegation so that one person can edit the GPOs while another person approves and deploys. Specifically, AGPM has three roles: Reviewer, Editor, and Approver. The Reviewer role can view GPOs, while the Editor role can make changes. The Approver role can deploy the GPO to the production environment.
When you’re designing a Group Policy strategy, consider whether these features are required in your organization and, if they are, plan on including AGPM in your design.
