Jason Leznek, Microsoft Senior Product
Manager for Windows Client Manageability,
adds, “The other thing that Group Policy
Preferences lets you do is richer targeting.
Group Policy Preferences lets you set Windows
Management Instrumentation (WMI)
filtering or go beyond, and it’s in a GUI. You
can have check boxes; you can specify situations
for settings; you can have multiple settings
in one GPO.”
According to Sullivan, Microsoft jumped
on those feature changes that provided the best
customer value and didn’t step on partners.
Sullivan says his team asked customers,
“What do you want to do in Group Policy?”
The answer was that they wanted to do everything
they could on their systems.
“Group Policy Preferences provides application
extension,” Sullivan notes. “Partners
can go in through the core and add and
enrich.”
Third-Party Solutions
You’ll find several big players in the Group
Policy arena and some smaller ones. Tools
from third parties tend to fall into two main
areas—those that extend what you can do
with Group Policy and those that help you
manage Group Policy.
Tools that extend Group Policy. Within
the extension area are tools that add Group
Policy functions. Examples of such functions
include software deployment and asset
inventory. Two vendors in this arena are BeyondTrust and Specops.
BeyondTrust uses the concept of least
privilege to help administrators configure
applications to run on desktops. “We get
apps that require admin privileges to run on
the desktop where they don’t have administrative
privilege,” CEO Moyer says. He notes
the impact of a recent US Office of Management
and Budget mandate: “Federal agencies
must move to standard configurations
for Vista and XP, which means no more local
administrator accounts. The local administrator
account undermines all settings. It
undermines what you’re trying to do with
Group Policy. We see the need to exploit this
concept, developing new products and new
versions.”
As a former strategic Group Policy partner
of DesktopStandard, Specops offered
tools that didn’t overlap with DesktopStandard’s
and that don’t overlap with Microsoft’s
releases. Specops founder and CTO Thorbjörn
Sjövold says that, besides DesktopStandard,
Specops is actually the only winner
among the Group Policy Extension ISVs
when it comes to Microsoft’s Group Policy Preferences offering.
Tools that extend Group Policy include the
following:
- BeyondTrust Privilege Manager—lets
administrators use Group Policy to configure
applications so users can launch them
without having administrator privileges.
It includes the ability to let enterprises
operate with User Account Control (UAC)
turned on or off.
- FullArmor Endpoint Policy Manager—
uses an organization’s existing Group
Policy infrastructure to provide real-time
management and enforcement of endpoint
policy settings by pushing Group
Policy settings to client computers that
might not connect often to the domain; it
also provides auditing and reporting for
compliance.
- FullArmor GPAnywhere—lets administrators
create portable policies from Group
Policy settings and settings provided by
IntelliPolicy for Clients to enforce policies
on devices outside AD.
- Specops Command—combines Windows
PowerShell with Group Policy, making it
possible to execute PowerShell scripts on
any number of computers.
- Specops Deploy—uses a Group Policy
client-side extension (CSE) that replaces
the built-in Group Policy software installation
(GPSI) functionality in Windows.
- Specops Inventory—uses Group Policy to
provide detailed data to track Windows-based
IT assets.
- Specops Password Policy—removes the
obstacle of the single password policy per
domain in Group Policy.
Tools that manage Group Policy. Within
the management area, you see tools that
focus on specific management functions—
such as troubleshooting, reporting, and
security—and tools that offer many management functions across the board. Mar-Elia, of
SDM Software, approaches Group Policy by
conceiving of his products in three “buckets”:
troubleshooting, management, and reporting.
“I decided the first thing I wanted to
do was get tools for troubleshooting.” His
second product was something he’d wanted
to do for a long time. Editing GPOs required
Group Policy Editor (GPE); Microsoft provides
Group Policy Management Console
(GPMC), and there was some scripting, but
it was geared toward the GPO. He wanted to
make a Group Policy Software Development
Kit (SDK) and expose settings. The result was
the company’s scripting toolkit.
He has two additional products ready to
release: One is Group Policy Backup and
Recovery. “GPMC provides backup and
recovery as an afterthought. I’m trying to
make it more of an enterprise-strength
solution, with backup and restore links.”
The other is Desktop Policy Manager, which
rides on the scripting toolkit. With it, small-to-midsized
businesses (SMBs) can manage
Group Policy by using a Web interface that
walks people through how to define settings
and shows them in profiles. According to
Mar-Elia, it hides the linking. “Instead of
thousands of settings, the user sees a dozen.
Not everyone has to see the complexity of
GPMC—we shield them from that.”
Gil Kirkpatrick, CTO of NetPro, says,
“Smaller organizations are just now beginning
to experiment with Group Policy. I
talked to a group of SMBs about AD backup
and recovery, and very few were using it.
It looked complicated to them.” He says,
however, that we’ll see many smaller businesses
getting into Group Policy. “I think
that’s what’s driving a lot of the introduction
of Group Policy tools.” In the past, he says,
“management tools didn’t scale well to the
SMB area and weren’t intuitive. Microsoft
built the platform services well, then gave
you a crappy interface and left it to the ISVs
to fill in.” NetPro’s tools cover the AD realm
and include specific Group Policy management
tools, such as GPOADmin. It’s not yet
possible to be an all-NetPro shop, though
additional offerings are in the future.
Using Group Policy, Kirkpatrick says, “needs
to be a controlled IT process, a process that’s
standardized.” The other need is “to be able
to delegate Group Policy creation or setting.
Native tools don’t let you delegate the ability
to manage Group Policy.”