Using AGPM for Advanced Group Policy Delegation

by Chris Sanders [Published on 5 Sept. 2007 / Last Updated on 5 Sept. 2007]

Microsoft’s AGPM tool is a great way to have an extra layer of security when managing group policy on your network.

The Advanced Group Policy Management (AGPM) tool from Microsoft is a great new tool that goes well beyond the abilities of the traditionally used Group Policy Management Console (GPMC).

One of the strengths of the AGPM tool is how it has extended the delegation of group policy objects. One of these features is the more granular control over delegation. The AGPM has its own delegation model which allows for more specific settings giving greater leverage over delegation assignments. AGPM also allows for a new feature in the offline editing of GPO’s. This means that group policy administrators will now have to check-in and check-out GPO’s for editing. This not only provides better security but also prevents multiple people from editing the same live GPO at the same time.


Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.

Featured Links