AppSense Environment Manager Policy and GPO’s

Issue

If like the organisation I work for you have multiple teams working on AppSense Environment Manager policies it is essentially to get some sort of shared repository of Group Policy Templates.

This is because the AppSense Environment Manager console does not store an entire Group Policy Template within the policy but rather a path to the source template.

As such if the source template is not accessible you will be unable to make changes to the Group Policy setting within the console.

At some point in your career working with the product you will see the following message for this very reason.

AppSenseEM_GPTemplates_Error_05022015

Solutions

 Shared Group Policy Template Repository

This solution has the advantage of being incredibly easy to set up, when creating EM policies simply have all developers place any new templates in the shared repository and link the policies to this location.

I would also recommend having all developers map this location as a drive for ease of use.

Advantages

  • Quick and Easy to set-up
  • Self maintaining as any new policies will need to be linked from this location

Disadvantages

  • More labour intensive to add new settings. Every time you need to add a setting you will need to enter the path to the shared repository. Sadly AppSense Environment Manager Console does not remember the paths.
  • Users can add incorrectly set paths

 Central Management Server

This is my preferred method, by using a central management server you can install more than just AppSense tooling. For example you can install consoles for SCCM, DHCP as well as allowing you to access Active Directory when creating rules based on AD groups.

It is still useful to set up an automated backup to a central repository to ensure you can quickly and easily take a copy should you want to work on another client.

Advantages

  • Access to all of your administrative consoles in one place
  • Self maintaining as any new policies will have access to resources on the management server

Disadvantages

  • Requires setting up an additional server

Automatic backup of Group Policy Templates

Simply set up a scheduled task to sync the following location:

C:\Windows\PolicyDefinitions

Please note the below script only backs up .ADMX files, if you would like to also backup the deprecated Windows 2k and older .ADM format this can be achieved using powershell/vbscript.

If you would like to request this script please let me know and i will enhance this post with it.

@echo off

REM # Batch Script ############################################################
REM #
REM # AUTHOR: Adil Dean
REM # 
REM # UPDATES:
REM # DD/MM/YYYY - 
REM #	- 
REM #
REM ###########################################################################
 
REM .SYNOPSIS
REM		Back up ADMX files to a central repository
REM .Description
REM		Script is used to back-up ADMX and ADM files from your local client to a
REM		central repository this is to ensure consistency of policy templates for
REM		developers using AppSense Environment Manager.
REM	.Requirements
REM		n/a
REM .EXAMPLE
    REM .\GPOBackup.cmd
REM .Notes

REM ###########################################################################
REM Parameters
REM ###########################################################################
SET strBackupPath=C:\GPOBackup\

REM Check if Backup location exists
IF NOT EXIST %strBackupPath% (
	MD %strBackupPath%\ADMX
)

REM Backup ADMX templates
ROBOCOPY "C:\Windows\PolicyDefinitions" %strBackupPath%\ADMX /mir /copy:DATSO /R:3 /W:1 /XF "%strBackupPath%\GPTemplateBackup.txt" /v >> "%strBackupPath%\GPTemplateBackup.txt"

Advantages

  • Accessible on all end points
  • Slightly more complex to set up (though process could be scripted)

Disadvantages

  • Requires access to a network share to ensure policies remain synced
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s