Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


November 2004

Group Policy Management Tools

Extend and enhance Group Policy functionality
From the November 2004 Edition
of Windows IT Pro
Ed Roth
Buyer's Guide
InstantDoc #44102
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Active Directory (AD) Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

View this month's Buyer's Guide

Group Policy, which you implement through Windows Server 2003 or Windows 2000 Server, is an indispensable feature for managing the behavior of clients and servers in Windows environments. But maintaining a large number of Group Policy Objects (GPOs) and their links to domains, organizational units (OUs), and sites can be a difficult task. The products in this Buyer's Guide provide general Group Policy management assistance; they also extend and enhance Group Policy's basic functionality.

Basic Operations
Many of the products, such as solutions from Active Directory (AD) and Group Policy solution wizards BindView and NetIQ, help you perform Group Policy management tasks. These tasks include functions such as GPO creation and maintenance, policy analysis, import and export, backup and restore, and reporting.

Creation and Maintenance
For GPO creation and maintenance, look for advanced features that let you control and track GPO changes. Products that offer thorough change and release management strategies let you view a given GPO's properties at any point in its life cycle.

Policy Analysis
Group Policy analysis usually takes the form of a Resultant Set of Policies (RsoP), which lets you see which policies will be in effect when a given user logs on to a specific computer. The ability to perform offline analysis of different scenarios, such as when you move a user to another OU or move a computer to a different site, is another important feature to consider.

Import and Export
Thoroughly testing GPOs before putting them into production is an important step. Many organizations create and test GPOs in lab environments. You can save hours of work and avoid potential data entry errors by exporting GPOs from a lab environment and importing them into a production environment. You can also use import and export to move GPOs between production domains.

Backup and Restore
A good Group Policy management product lets you back up GPOs, security group filters, and Group Policy links to disk. Backups are useful when a GPO becomes corrupt or a newly implemented GPO causes a problem. You can also use backup to migrate Group Policy settings to a new domain or forest. Some vendors' tools let you replicate, synchronize, and manually copy GPOs between domains and forests when you migrate the associated security group filters and Group Policy links. This functionality lets you easily transfer the policy settings from a test environment to a production environment. Find a product that automatically documents the backup contents, including the settings for backed-up GPOs.

Reporting
Robust reporting for diagnostic, troubleshooting, and business-management purposes is a must-have. Look for a centralized reporting tool that provides insight from a variety of angles into your organization's object classes, policy settings, policy-affected registry keys, and security. The ability to search for a GPO that defines a specific setting and to compare a specific GPO with another version of the same GPO, an archived GPO, or a live GPO in AD are especially helpful features. Discovering problems such as GPO corruption and replication failures ensures that your policy infrastructure stays healthy. Report output options will ensure that you can use the results more effectively.

Extending Group Policy Functionality
Other products in this Buyer's Guide are geared toward leveraging the Group Policy infrastructure to extend its native capabilities. FullArmor GPAnywhere! lets you apply the power of Group Policy to nonnetworked and remote systems. You can use FullArmor GPAnywhere! to create, edit, import, and export GPOs with Windows 2003's Active Directory Application Mode (ADAM) and export the GPOs to clients as executable policy files. Another FullArmor solution, IntelliPolicy for Clients, provides new policies and options for desktop and server management that aren't available out of the box with Windows 2003. FullArmor has partnered with NetIQ to develop synergies with NetIQ's Group Policy Administrator products.

Vintela Group Policy (VGP), an add-on to Vintela Authentication Services (VAS), uses the existing Group Policy interface that's native to AD to extend policy-based management to UNIX and Linux systems. Although VGP currently provides an interface for creating UNIX and Linux GPOs through ADAM template files, a fully functioning server-side extension is in development and scheduled to be included in a future version of VGP.

End of Article

Reader Comments
You did not discuss GPO debug tools. For example, as a client if I try to connect to a server and I can't, what tools are available to me that log the exact policy(s) and setting(s) that caused me not to get connected. Again, if I try to set up a trust to another domain and can't, what GPO tools are available that specify the exact poliy(s) and settings that caused me not to be able to execute an action. Thanks.
phil@medicalcentral.com

Anonymous User October 31, 2004 (Article Rating: )

This could probably be an ad, but NOT an article. You dont or mention any spesific tools or references where I can get useful information. I know that Active Directory is something, but you dont give ANY info about what program I can use to install, manage and tune it...

A provokingly bac article, but a good sample of how low the level will become if there is no quality controle...

Anonymous User November 28, 2004 (Article Rating: )

Based on the title I was expecting to find a list of tools to "Extend and Enhance" GPO's, not some Marketing Department drivel. And then when I go to view the Buyer's Guide I find that IE won't install the Active-X component needed to view it because the OS can't verify the publisher! What a waste of a good 15 minutes from my life.

Anonymous User January 25, 2005 (Article Rating: )

It is nice to know that GPO's can be imported and exported, but how?

What value are you delivering to the reader?

Anonymous User June 10, 2005 (Article Rating: )

I could have found more useful information on a cereal box.

Anonymous User June 21, 2005 (Article Rating: )

Thanx

Anonymous User July 19, 2005 (Article Rating: )

Sounded like a sales pitch. Needed info on how to export GPO, not that it could.

tomd124 October 03, 2005 (Article Rating: )

The folks at NetWrix provide the Group Policy Change Reporter for free: http://www.netwrix.com/group_policy_auditing_change_reporting_freeware.html

fmike7 July 03, 2008 (Article Rating: )

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

Have New Features Made Exchange Server Backups Unnecessary?

Cluster continuous replication and Volume Shadow Copy Service might have made backups unnecessary in Exchange 2007, but will admins feel comfortable without a dedicated backup solution in place? ...

PsExec

This freeware utility lets you execute processes on a remote system and redirect output to the local system. ...
Active Directory (AD) Whitepapers Sustainable Compliance: How to reconnect compliance, security and business goals

Managing Unix/Linux with Microsoft System Center Operations Manager 2007 Cross Platform Extensions Beta

Addressing the Insider Threat with NetIQ Security and Administration Solutions
Related Events SQL Server 2008 – Can You Wait? | Philadelphia

SQL Server 2008 – Can You Wait? | Atlanta

SQL Server 2008 – Can You Wait? | Chicago

Check out our list of Free Email Newsletters!
Windows OSs eBooks Understanding and Leveraging Code Signing Technologies

Keeping Your Business Safe from Attack: Monitoring and Managing Your Network Security

Windows 2003: Active Directory Administration Essentials
Related Active Directory (AD) Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Free Download –VS 2008 Training
Experts Ken Getz & Robert Green plus labs, code, courseware

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Register for SolarWinds VM Monitor
Get X-Ray Vision into Your ESX Servers with SolarWinds FREE VM Monitor

GoGrid Offers FREE Trial for Windows Cloud Servers
Deploy Windows Server 2003 and 2008 with free load balancing through GoGrid’s award winning web-based GUI – all in less than 5 minutes

Order Your SQL Fundamentals CD Today!
Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.

How healthy is your Exchange Server? Find out Now!
Automatic Exchange Server Maintenance helps prevent disasters and improves performance. Download a FREE Exchange Server analysis tool.
You've Deployed SharePoint...Now What?
This one-day free online conference delivers the technical knowledge needed to kick MOSS up a notch. In one information-packed day, independent SharePoint experts will present practical, real-world information and provide take-away, ready-to-use solutions

Ease Your Scripting Pains with the Flexibility of PowerShell!
Paul Robichaux equips you with PowerShell basics in 3 introductory lessons, each followed by live Q&A—all on your own computer! Register today!

What Would You Do If You Ran Microsoft?
ITTV's 2008 inaugural video contest, "If I Ran Microsoft..." is your chance to tell it like it is. Be goofy or be serious, but don"t miss this chance to have fun, win prizes, and go viral in a major way.

Maximize Your SharePoint Investment
This web seminar discusses how true bi-directional replication of SharePoint content from one server to another enables branch offices to maintain access to current SharePoint content.

Rock Your Knowledge, and Compete with Friends and Colleagues!
Are you the Web Application Performance Guru in your office? It's time to have fun! Download now to access the crossword puzzle. Challenge yourself and complete this fun activity!
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing