FullArmor uses SMS 2003 to define group policies beyond Windows

Group Policy is, many believe, the single best administrative tool that Microsoft has ever devised. The Group Policy Management Console may be the best reason to move to Windows Server 2003.

If you don’t have the latest version of the GPMC, you can download it for free.

Microsoft describes it thus: “The GPMC lets administrators manage Group Policy for multiple domains and sites within one or more forests, all in a simplified user interface (UI) with drag-and-drop support. New functionality includes backup, restore, import, copy, and reporting of Group Policy Objects (GPO). These operations are fully scriptable, which lets administrators customize and automate management. Together these advantages make Group Policy much easier to use and help you manage your enterprise more cost-effectively.”

One thing the GPMC doesn’t cover, though, is non-Microsoft environments. That’s where companies such as FullArmor can jump in and fill the void. Its GPAnywhere product extends the reach of Group Policy beyond Windows desktops to mobile devices (Windows embedded devices and cell phones); kiosks; and non-Windows networks (NetWare, Unix); as well as to disconnected Windows devices (home workers, mobile workers with laptops, etc.). But wait, there’s more!

Last week, FullArmor announced GPAnywhere for SMS, which enables organizations to use Microsoft Systems Management Server (SMS) 2003 to define and apply Group Policy settings on endpoints outside of Active Directory. In addition, GPAnywhere for SMS simplifies the deployment of Active Directory by enforcing policies on Windows 2000 and Windows XP desktops until the rollout is complete. Using GPAnywhere for SMS, you can continuously apply and enforce all the configuration settings offered by Active Directory (as well as FullArmor’s Group Policy extensions) on machines that are not connected to an Active Directory domain.

So that you can hit the ground running, GPAnywhere for SMS ships with three preconfigured templates (high, medium, and low) that contain a fixed set of policy settings based on Microsoft’s best security practices. These templates enable administrators with no knowledge of Microsoft Group Policy to easily secure machines.

To create custom templates, GPAnywhere includes a Policy Template Designer that enables administrators to simply point and click to select or unselect desired Group Policy settings. To streamline the deployment of Group Policy Objects, GPAnywhere for SMS creates a stand-alone executable file (EXE) that contains the desired settings. These executable files are then delivered to endpoints by SMS, where the executable is run on the target machines and updates the Local Group Policy Object. GPAnywhere for SMS supports Windows 2000 Server or higher operating systems. Pricing should start at $6 per managed machine, and $1,250 for the GPAnywhere management console, when it begins shipping next month.