EDITOR'S NOTE
The Buyer's Guide summarizes vendor-submitted information. To find out about future Buyer's Guide topics or to learn how to include your product in an upcoming Buyer's Guide, go to http://www.winnetmag.com/buyersguide. To view previous Buyer's Guides on the Web, go to http://www.winnetmag.com/articles/index.cfm?departmentid=118.


Group Policy is a powerful means of modifying and managing configurations in a Windows 2000 environment. As you enable Group Policy Objects (GPOs) and link them to a complex organizational unit (OU) structure, you might realize that you need a more powerful Group Policy management capability than the OS affords. Products in this issue's Buyer's Guide give you granular control over developing, implementing, and managing GPOs in your organization.

Most of the listed products provide the ability to analyze the effects of policies without having to implement the policies in a production environment. Look for products that include Resultant Set of Policies (RSoP) functionality, which lets you analyze which policies will be in effect when user X logs on to computer Y. Make sure that the product you choose can provide detailed and general reports of RSoP information to suit different administrators' needs. The ability to perform a what-if analysis—what would happen if a user is moved to another OU or a computer is moved to a different site—is another worthwhile feature to consider.

Many of the listed products also can assist with Group Policy change and release management, which lets you view the properties for a given GPO at any point in its life cycle. A version control component provides a mechanism to prevent multiple users from simultaneously altering a GPO. Make sure to look for products that will maintain a complete history of a GPO's life from creation through retirement. Each GPO's version history should provide information about who made the changes, what was changed, when the changes took place, and why the changes were made.

Some products will help you implement the GPOs that you create. Basic applications might be limited to simplifying Group Policy Link and Security Group Filter management. More advanced applications also will let you replicate, synchronize, and manually copy GPOs between domains and forests while migrating the associated Security Group Filters and Group Policy Links. Such products let you easily transfer policy settings from a test environment to a production environment. The ability to roll back a policy deployment is another potentially valuable feature you should consider.

You can establish a measure of fault tolerance by selecting a product that lets you back up GPOs, Security Group Filters, and Group Policy Links to disk so that you can restore a backup of an individual GPO should a live GPO become corrupt or a newly implemented GPO cause an unforeseen problem. Backup functionality also lets you migrate Group Policy settings to a new domain or forest. To make backups easier to manage, look for a product that automatically documents the backup's contents, including the backed-up GPO's settings.

You'll also find products that provide robust reporting for diagnostic, troubleshooting, and management purposes. Look for a centralized reporting tool that will offer insight into your organization's security, policy settings, policy-affected registry keys, and object classes. Especially helpful are products that include features such as the ability to search for a GPO that defines a specific setting and the ability to compare a specific GPO with another version of the same GPO, an archived GPO, or a live GPO in Active Directory (AD). Reports that discover corrupt GPOs and replication failures will help ensure that your policy infrastructure stays healthy. To complement the reporting functionality, verify that the product you choose offers a wide selection of output options—such as output to a file, printer, HTML, or a database file—to ensure that you can make use of the results effectively.

—Ed Roth