I think you have the right idea. We have a small, dedicated VM running AGPM. If I were starting now, I would definitely put it on Windows 2016 and make sure the AGPM Client is installed on Windows 10 1607 or later machines to do all the GPO editing. The migration is pretty easy, just find the MS article if you’re not already familiar with it.
Be sure to get AGPM 4, SP3 and this current update release: https://support.microsoft.com/en-us/help/4014009/march-2017-servicing-release-for-microsoft-desktop-optimization-pack *From:* listsad...@lists.myitforum.com [mailto: listsad...@lists.myitforum.com] *On Behalf Of *Heaton, Joseph@Wildlife *Sent:* Wednesday, May 31, 2017 6:58 PM *To:* 'NT System Admin Issues Discussion list' <ntsysadm@lists.myitforum.com > *Subject:* [NTSysADM] Group Policy management Was curious how everyone has Group Policy Management setup. I currently use one of my domain controllers as my “main” Group Policy management server, with AGPM installed there. I’m preparing to install PolicyPak, and don’t want to do this on a domain controller, so I’m thinking that I’ll build just a really basic server, put PolicyPak on it, and AGPM, so that the traffic from clients to the PolicyPak server is not going to a domain controller trying to do other things. Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: (916) 323-1284 Every Californian should conserve water. Find out how at: [image: SaveOurWater_Logo] <http://saveourwater.com/> SaveOurWater.com <http://saveourwater.com/> · Drought.CA.gov <http://drought.ca.gov/>