The CIO-level business angle on the latest tech
Some technologists have described Group Policy as one of the best features within Microsoft's Active Directory software. Group Policy, which is supported on Windows 2000, Server 2003 and XP, enables administrators to manage a network of desktop PCs by using a set of policies stored in the directory. It has some management tools built in, but Microsoft pretty much left the tool-building to its partner community. DesktopStandard saw this opening and jumped right in with a set of management tools that extend Group Policy's capabilities.
Last week I chatted with Eric Voskuil, CTO at DesktopStandard (formerly called AutoProf), and he briefed me on the 20-plus extensions that his company provides in its PolicyMaker software. If you depend on Active Directory on your networks, a look at what DesktopStandard adds to the mix is in order.
PolicyMaker Standard Edition has 21 Group Policy extensions. Two other products, PolicyMaker Software Update and PolicyMaker Application Security, each add another extension to Group Policy. Taken all together, these extensions provide a very robust management suite for your network of desktop computers. Here's a quick look just of some of PolicyMaker's capabilities:
* Reduce energy consumption - centrally manage the power-saving features that your hardware has built in to it.
* Transfer file updates - manage locally stored files and folders to keep PCs up to date (say, with anti-virus software) and
hard disks organized.
* Schedule distributed tasks - set tasks such as virus scanning or disk defragmentation to run at your desired schedule.
* Create and update mail profiles - setup and manage Outlook user profiles, which are often too complicated for users to create
for themselves.
* Deploy registry settings - use a wizard to reduce the complexity of making registry database changes on a local computer.
* Integrate patch management - apply operating system and application software patches, including custom updates and non-Microsoft
updates.
* Disable input/output devices - improve security by selectively disabling devices such as floppy drives, USB ports, CD-R/W
drives, removable drives, parallel ports, serial ports, infrared ports and wireless networks.
* Standardize desktops settings and configurations - setup and maintain a consistent user environment, such as Internet settings,
shortcuts, the Start menu and the like.
Voskuil says the extension that is currently of very high interest to many network administrators is the Application Security product released this past January. This feature provides for varying access based on the context of a given operation. The administrator can enforce the concept of "least privilege" by making granular changes to the access levels and privileges of a targeted application's security token without otherwise affecting the access of individual end users.
For example, you might find the need to grant administrative access to an end user so that he can perform a task that is normally reserved for administers - say, increasing the size of his mailbox. You wouldn't want this user having complete administrative access for every application he launches. PolicyMaker Application Security allows you to compartmentalize the access privileges as needed.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.