Performing Approver Tasks

An Approver is a person authorized by an AGPM Administrator (Full Control) to create, deploy, and delete Group Policy Objects (GPOs) and to approve or reject requests (typically from Editors) to create, deploy, or delete GPOs.

Important
Make sure that you are connecting to the central archive for GPOs. For more information, see Configure an AGPM Server Connection.

Note
Before approving a GPO, an Approver should review the policy settings that it contains. The Approver role includes the permissions for the Reviewer role, so that an Approver can review policy settings and compare GPOs. See Performing Reviewer Tasks for more information.

Additional considerations

By default, the following permissions are provided for the Approver role:

  • List Contents

  • Read Settings

  • Create GPO

  • Deploy GPO

  • Delete GPO

Also, an Approver has full control over GPOs that he created or controlled.