Group policy can be every Windows administrator’s friend, but Microsoft Corp. says its extensive network management technology is hardly being used. And this is despite powerful tools like Group Policy Management Console (GPMC) being freely available for download.
Microsoft officials say only 50 per cent to 60 per cent of users take advantage of group policy technology, which means there’s a cost-slashing tool available that’s not being fully utilized.
Group policy objects (GPOs) let administrators centrally manage, customize and lock down desktop and server settings based on a set of policies maintained in the directory.
Group policy is one of the rewards IT executives get for their hard work in cracking the complex deployment of Active Directory, and those who have done so include more than 80 per cent of Windows users in North America, according to IDC.
The GPMC addresses the top group policy requirements that are requested by IT professionals, says Rick Claus, an IT Pro Advisor for Mississauga, Ont.-based Microsoft Canada Co. The technology can be used to ensure that all server configurations for the data centre are enforced across the board, for example.
The technology was confusing before the console was released in 2004, but Claus says the GPMC has made group policy more approachable and usable by everyday administrators.
“The trick is to understand how group policy works and how it’s applied,” he says. “Because it’s so powerful, it can be confusing sometimes to understand the impact. That’s one of the reasons GPMC has group policy modeling.”
A basic group policy entry can have up to 1,700 settings that are applied to workstations or servers. To simplify this process of standardizing a work environment, the console contains administrative and security templates that can be customized with Group Policy Editor.
If group policy is properly implemented in Active Directory, for example, an administrator can create a refined look and feel of the user’s experience on the desktop, says Claus. “You’re now able to build the ideal configuration for a managed desktop and then apply that to multiple or even hundreds or thousands of machines simultaneously,” he says. “It creates that personalized environment for the end-user.”
The objects are crafted in Group Policy Editor and then linked to various levels of the network topology: organizational unit, domain or site. The GPOs are assigned to individual end-users and servers or to groups of them. Agents on those machines “pull down” GPOs when they sign on to the network and at various intervals while they are running.
Imagine how much time and money IT could save by rolling out a tool that makes it easier to configure the 1,300 settings in Windows XP SP2 and the 1,800 in Windows Server 2003 SP1, not to mention the hundreds more slated to ship with Vista.
Based in Ottawa, Claus worked as an enterprise architect before joining Microsoft Canada’s TechNet, an educational network for IT professionals. He is currently hosting a series of events across Canada aimed at IT managers, infrastructure architects and systems integrators.
Of the various designs he’s implemented in the past, Claus says he’s gone from a lightly managed desktop, with minimum standards for application settings, to a highly managed, locked down desktop that’s very specific in what end-users can and cannot do. One design was for 26,000 users spread over 92 physical sites across Canada.
“But the amount of effort required for that level of customization, once you understand group policy, is basically the same for a small shop all the way up to a large implementation,” says Claus, who confesses to being a big fan of Active Directory.
Group policy is all about keeping Windows administration simple, says Claus. One of the features of the console, Common Desktop Management Scenarios, offers six downloadable examples of group policy configurations. Custom templates like Mobile, AppStation and Kiosk contain default settings that range from open access to secure lockdown.
Microsoft says it is planning to integrate GPMC into its Longhorn servers due for release next year.