About Microsoft’s recent entry of the DesktopStandard
product version, he says, “We
had just released GPOADmin, which competed
with DesktopStandard’s product—
but Microsoft split that product in two.”
As he understands the Microsoft offering,
“It doesn’t help you much with respect to
management, but it does have a nice UI.
It’s not like Microsoft solved the management
problem in Group Policy. Vendors will
just have to be more innovative.” NetPro’s
GPOADmin “expanded features and added
workflow. You can delegate and let others
make changes and an email goes out to
higher administrators who can approve and
apply the changes. It doesn’t make sense for
shops with one IT guy, but it’s necessary for
large shops and is in line with IT Infrastructure
Library (ITIL).”
Tools that help you manage Group Policy
include the following:
- NetIQ Group Policy Administrator—offers
a change management process for GPOs,
including offline management, versioning,
workflow and delegation, the ability to
replicate GPOs, and auditing and reporting
capabilities.
- NetIQ Group Policy Guardian—alerts
administrators when certain Group Policy
changes occur, details and documents
Group Policy change history, and offers
change tracking.
- NetPro ChangeAuditor—adds audit visibility
beyond native logs with coverage
for GPOs and nested groups in addition to
real-time auditing and reporting of AD, file
system, and Exchange changes.
- NetPro GPOADmin—lets you automate
change management tasks by configuring
workflow approval processes that include
the ability to do offline edits to GPOs as
well as GPO commenting, tracking, version
control, backup, scheduling, and
change auditing.
- Quest Software Quest Group Policy Extensions
for Desktops—lets you use Group
Policy to implement and enforce endpoint
security and includes tools that extend
Group Policy to manage desktops, including
the ability to configure Microsoft Office
applications and to manage Microsoft
Outlook remotely.
- Quest Software Quest Group Policy Manager—
adds version control and a new UI
to its GPO change management solution,
which includes archiving and rollback, a multilevel approval process, and the use
of PowerShell to automate Group Policy
management tasks.
SDM Software
- GPExpert Backup Manager
for Group Policy—lets you manage the
backup and recovery of GPOs and GPO
links in your AD environment.
- SDM Software GPExpert Scripting Toolkit
for PowerShell—helps you automate
Group Policy management using Power-
Shell.
- SDM Software GPExpert Status Monitor—
lets Help desk administrators find out
quickly when Group Policy isn’t working
by referring to desktop event logs that
record successes or failures in Group
Policy processing.
- SDM Software GPExpert Troubleshooting
Pak—helps administrators troubleshoot
and resolve problems in Group Policy
processing.
Group Policy in Your
Future
With its acquisition of DesktopStandard
and the resulting new Group Policy–related
offerings, Microsoft is giving more attention
to configuration and management difficulties
that have plagued Group Policy users.
As third parties build more features into
their Group Policy products, those tools will
expand on what Microsoft has done.
Sjövold, of Specops, says, “Microsoft’s
renewed commitment to Group Policy will
most likely encourage more ISVs to build
solutions on top of Group Policy.” Peter
Beauregard of BeyondTrust concurs: “We
look at what [Microsoft’s] doing, and it gets
people excited about Group Policy.” According
to NetPro’s Kirkpatrick, “Microsoft had a
gaping wound with respect to management
of Group Policy. They’ve put a good bandage
on it. But they’re not going to have a team of
20 developers working on updating Group
Policy Preferences.” He adds, “There’s still lots
of room to innovate.”
Mar-Elia, of SDM Software, also sees
room for growth: “There’s a ton of untapped
potential, stuff that Group Policy could do
better—the engine could be more resilient,
you could have more robust reporting,
and you could add the ability to fail over to
another location.” He adds, “We’ll see XML
start to permeate Group Policy” as a more
unified way of describing configuration.
End of Article
Register
