• United States

6 hot technologies for 2006: Microsoft’s Group Policy

Jan 09, 20063 mins
Enterprise ApplicationsMicrosoft

Microsoft’s Group Policy, a management tool, is among the 6 hot technologies for 2006.

Sleeper: If you’ve already wrestled Active Directory to the ground, Microsoft’s Group Policy can help ease management nightmares.

Microsoft’s group policy objects (GPO) let administrators centrally manage, customize and lock down desktop and server settings based on a set of policies maintained in the directory.

GPO’s promise is less expensive, faster and easier management. It delivers the ability to prevent end users and administrators from twisting operating-system knobs they shouldn’t and a chance at the Holy Grail: a standardized desktop and server configuration.

GPOs can contain any number of customer settings. The GPO is crafted in Microsoft’s Group Policy Editor, then linked to various levels of the network topology – organizational unit, domain or site. The GPOs are assigned to individual end users and servers or groups of end users and servers. Agents on those machines “pull down” GPOs when they sign onto the network and at various intervals while they are running.

Group policy is one of the rewards given to IT execs for their hard work in cracking the complex deployment of Active Directory, and that includes more than 80% of Windows users in North America, according to IDC.

But Microsoft officials say only 50% to 60% of users take advantage of group policy technology, which means there’s a cost-slashing tool available that’s not being fully utilized.

Imagine how much time and money IT could save by rolling out a tool that makes it easier to configure the 1,300 settings in Windows XP SP2 and the 1,800 in Windows Server 2003 SP1, not to mention the hundreds more slated to ship with Vista next year.

Microsoft also has added the Group Policy Management Console (GPMC), which now allows users to manage group policy from a single console. In Longhorn, which is slated to ship in 2007, GPMC will be integrated into the server.

Third-party tools are an option

NOT HOT: Desktop video

We’ve got video everywhere these days — streaming video on the PC, video on the smart phone, video on the iPod. But you don’t see end users clamoring for desktop video, so don’t make any heavy investments in this area.

A collection of third-party tools ratchet up the number of extensions and settings, add features, such as preventing the use of USB drives, and fill in the gaps in native Windows administrative tools around tasks such as access control, reporting, change management and security auditing.

“I couldn’t do what I am doing without group policy,” says Rick Neubauer, CTO of Itility, a Chicago-based service provider that remotely manages desktops for clients. Neubauer’s favorites are settings that ensure that offline folders, folder redirection and roaming profiles are activated on desktops.

Those settings help synchronize the data stored on servers and desktops, with the result that PCs infected with a virus can be fixed by reloading a new copy of the operating system. “Now I don’t have to go to 20 machines and make changes. I make it once with group policy and it is applied,” says Neubauer, who is now testing software from FullArmor that will allow him to set up a group-policy portal where his customers can manage some of their own settings.

FullArmor is one of a handful of companies that develop extensions to group policy.

In a recent Network World Clear Choice Test on group policy-management tools, NetIQ came out the winner with its Group Policy Guardian and Group Policy Administrator. Desktop Standard, ScriptLogic and Quest Software also made a strong showing.

There are other vendors with group policy tools, including Centrify, NetPro, Special Operations Software and SysPro.