SDM Software next week will ship a Web-based interface for Microsoft's group-policy feature to ease the desktop management and maintenance of Vista and other Windows operating systems.

GPExpert Desktop Policy Manager, which is available as a free trial, uses a two-step SmartApply process that hides the complexity of applying security settings and lockdown policies to desktops via the Windows GP Editor.

Microsoft's group-policy technology, which is supported on Windows 2000, XP, and Vista, works with Active Directory. Group policy lets administrators manage, customize and lock down desktop and server settings based on a set of policies maintained in the directory. The policies, for example, can prevent users from changing settings and can disable such services as USB ports to prevent the use of removable storage devices.

The promise is cheaper, faster and easier management; the ability to prevent users and administrators from twisting operating-system knobs they shouldn't; and a chance at the holy grail of a standardized desktop and server configuration. In the hands of the uninitiated, however, Microsoft's group policy and Group Policy Management Console can twist administrators quickly into a knot.

SDM has designed the Web-based Desktop Policy Manager so administrators can select policy templates, then target PCs or individual users with them. The setup then is handled behind the scenes. The software has compliance features including an approval-based workflow for controlling and tracking changes.

Desktop Policy Manager, which does not require that agents be installed, has templates for security configuration, group membership control, power management and system services security. User-policy features include templates for application restrictions, browser security, desktop lockdown, drive and printer mappings, and device restrictions.

The software also supports Microsoft's PowerShell scripting language so users can add to templates any of the thousands of objects that are part of group policy. It also supports the Server Modeling Language standard, which is Microsoft's foundation for its modeling architecture in its Dynamic Systems Initiative, a plan to create a management platform for Windows.

Desktop Policy Manager, which runs on Windows Server 2003 or 2008, is part of SDM's GPExpert family of group-policy software that includes Scripting Toolkit for PowerShell, Troubleshooting Pak, Health Reporter, Log Analyzer, Status Monitor and Group Policy Spy.