Group Policy Management Tools - 26 Oct 2004

Extend and enhance Group Policy functionality


Group Policy, which you implement through Windows Server 2003 or Windows 2000 Server, is an indispensable feature for managing the behavior of clients and servers in Windows environments. But maintaining a large number of Group Policy Objects (GPOs) and their links to domains, organizational units (OUs), and sites can be a difficult task. The products in this Buyer's Guide provide general Group Policy management assistance; they also extend and enhance Group Policy's basic functionality.

Basic Operations
Many of the products, such as those from Active Directory (AD) and Group Policy specialists BindView and NetIQ, help you perform Group Policy management tasks. These tasks include GPO creation and maintenance, policy analysis, import and export, backup and restore, and reporting.

Creation and Maintenance
For GPO creation and maintenance, look for advanced features that let you control and track GPO changes. Products that offer thorough change and release management strategies let you view a given GPO's properties at any point in its life cycle.

Policy Analysis
Group Policy analysis usually takes the form of a Resultant Set of Policy (RSoP), which lets you see which policies will be in effect when a given user logs on to a specific computer. The ability to perform offline analysis of different scenarios, such as when you move a user to another OU or move a computer to a different site, is another important feature to consider.

Import and Export
Thoroughly testing GPOs before putting them into production is an important step. Many organizations create and test GPOs in lab environments. You can save hours of work and avoid potential data entry errors by exporting GPOs from a lab environment and importing them into a production environment. You can also use import and export to move GPOs between production domains.

Backup and Restore
A good Group Policy management product lets you back up GPOs, security group filters, and Group Policy links to disk. Backups are useful when a GPO becomes corrupt or a newly implemented GPO causes a problem. You can also use backup to migrate Group Policy settings to a new domain or forest. Some vendors' tools let you replicate, synchronize, and manually copy GPOs between domains and forests when you migrate the associated security group filters and Group Policy links. This functionality lets you easily transfer the policy settings from a test environment to a production environment. Find a product that automatically documents the backup contents, including the settings for backed-up GPOs.
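
The lab-to-production import and the documented backup described in the two sections above can be sketched with the GroupPolicy PowerShell module that ships with the Group Policy Management Console on later Windows Server releases. This is an added example, not part of the original article or of any product it covers; the domain names, paths, GPO name, and migration table file are assumed placeholders.

```powershell
# Added example: all domain names, paths and the GPO name are placeholders.
Import-Module GroupPolicy

$LabDomain  = 'lab.example.com'       # assumed lab domain
$ProdDomain = 'prod.example.com'      # assumed production domain
$BackupRoot = 'D:\GpoBackups\{0:yyyyMMdd-HHmmss}' -f (Get-Date)
$GpoName    = 'Workstation Baseline'  # hypothetical GPO to promote
$MigTable   = 'D:\GpoBackups\lab-to-prod.migtable'  # assumed, built beforehand in GPMC

New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# 1. Back up every GPO in the lab domain and document each backup.
$manifest = foreach ($gpo in Get-GPO -All -Domain $LabDomain) {
    $backup = Backup-GPO -Guid $gpo.Id -Domain $LabDomain -Path $BackupRoot `
                         -Comment "Backup taken $(Get-Date -Format s)"

    # Save the settings report next to the backup so its contents are documented.
    $reportPath = Join-Path $BackupRoot "$($backup.Id).report.xml"
    Get-GPOReport -Guid $gpo.Id -Domain $LabDomain -ReportType Xml -Path $reportPath

    # Backup-GPO does not capture links, so read them from the XML report.
    $links = ([xml](Get-Content -Raw $reportPath)).GPO.LinksTo |
             ForEach-Object { $_.SOMPath }

    [pscustomobject]@{
        DisplayName  = $gpo.DisplayName
        GpoId        = $gpo.Id
        BackupId     = $backup.Id
        ModifiedUtc  = $gpo.ModificationTime.ToUniversalTime()
        LinkedTo     = $links -join '; '
        ReportSha256 = (Get-FileHash $reportPath -Algorithm SHA256).Hash
    }
}
$manifest | Export-Csv (Join-Path $BackupRoot 'manifest.csv') -NoTypeInformation

# 2. Import the tested GPO into production. The migration table maps lab
#    security principals and UNC paths to their production equivalents.
$entry = $manifest | Where-Object DisplayName -eq $GpoName
if (@($entry).Count -ne 1) { throw "Expected exactly one backup of '$GpoName'." }

Import-GPO -BackupId $entry.BackupId -Path $BackupRoot -Domain $ProdDomain `
           -TargetName $GpoName -CreateIfNeeded -MigrationTable $MigTable
```

Import-GPO copies settings only; links are not recreated, so the LinkedTo column in the manifest is the record to review before linking the GPO in production.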

Reporting
Robust reporting for diagnostic, troubleshooting, and business-management purposes is a must-have. Look for a centralized reporting tool that provides insight from a variety of angles into your organization's object classes, policy settings, policy-affected registry keys, and security. The ability to search for a GPO that defines a specific setting and to compare a specific GPO with another version of the same GPO, an archived GPO, or a live GPO in AD are especially helpful features. Discovering problems such as GPO corruption and replication failures ensures that your policy infrastructure stays healthy. Report output options will ensure that you can use the results more effectively.

Extending Group Policy Functionality
Other products in this Buyer's Guide are geared toward leveraging the Group Policy infrastructure to extend its native capabilities. FullArmor GPAnywhere! lets you apply the power of Group Policy to nonnetworked and remote systems. You can use FullArmor GPAnywhere! to create, edit, import, and export GPOs with Windows 2003's Active Directory Application Mode (ADAM) and export the GPOs to clients as executable policy files. Another FullArmor solution, IntelliPolicy for Clients, provides new policies and options for desktop and server management that aren't available out of the box with Windows 2003. FullArmor has partnered with NetIQ to develop synergies with NetIQ's Group Policy Administrator products.

Vintela Group Policy (VGP), an add-on to Vintela Authentication Services (VAS), uses the existing Group Policy interface that's native to AD to extend policy-based management to UNIX and Linux systems. Although VGP currently provides an interface for creating UNIX and Linux GPOs through ADAM template files, a fully functioning server-side extension is in development and scheduled to be included in a future version of VGP.

Discuss this Article 13

tomd124
on Oct 3, 2005
Sounded like a sales pitch. Needed info on how to export GPO, not that it could.
Anonymous User (not verified)
on Oct 31, 2004
You did not discuss GPO debug tools. For example, as a client if I try to connect to a server and I can't, what tools are available to me that log the exact policy(s) and setting(s) that caused me not to get connected. Again, if I try to set up a trust to another domain and can't, what GPO tools are available that specify the exact policy(s) and settings that caused me not to be able to execute an action. Thanks. phil@medicalcentral.com
Anonymous User (not verified)
on Jan 25, 2005
Based on the title I was expecting to find a list of tools to "Extend and Enhance" GPO's, not some Marketing Department drivel. And then when I go to view the Buyer's Guide I find that IE won't install the Active-X component needed to view it because the OS can't verify the publisher! What a waste of a good 15 minutes from my life.
Anonymous User (not verified)
on Jun 10, 2005
It is nice to know that GPO's can be imported and exported, but how? What value are you delivering to the reader?
Anonymous User (not verified)
on Jun 21, 2005
I could have found more useful information on a cereal box.
Anonymous User (not verified)
on Jul 19, 2005
Thanx
fmike7
on Jul 3, 2008
The folks at NetWrix provide the Group Policy Change Reporter for free: http://www.netwrix.com/group_policy_auditing_change_reporting_freeware.html
Anonymous User (not verified)
on Nov 28, 2004
This could probably be an ad, but NOT an article. You don't or mention any specific tools or references where I can get useful information. I know that Active Directory is something, but you don't give ANY info about what program I can use to install, manage and tune it... A provokingly bad article, but a good sample of how low the level will become if there is no quality control...
