December 16, 2002 02:16 PM

Group Policy Management Tools

Rating: (0)
Ed Roth
Windows IT Pro
InstantDoc ID #27406

EDITOR'S NOTE
The Buyer's Guide summarizes vendor-submitted information. To find out about future Buyer's Guide topics or to learn how to include your product in an upcoming Buyer's Guide, go to http://www.winnetmag.com/buyersguide. To view previous Buyer's Guides on the Web, go to http://www.winnetmag.com/articles/index.cfm?departmentid=118.

Group Policy is a powerful means of modifying and managing configurations in a Windows 2000 environment. As you enable Group Policy Objects (GPOs) and link them to a complex organizational unit (OU) structure, you might realize that you need a more powerful Group Policy management capability than the OS affords. Products in this issue's Buyer's Guide give you granular control over developing, implementing, and managing GPOs in your organization.

Most of the listed products provide the ability to analyze the effects of policies without having to implement the policies in a production environment. Look for products that include Resultant Set of Policies (RSoP) functionality, which lets you analyze which policies will be in effect when user X logs on to computer Y. Make sure that the product you choose can provide detailed and general reports of RSoP information to suit different administrators' needs. The ability to perform a what-if analysis—what would happen if a user is moved to another OU or a computer is moved to a different site—is another worthwhile feature to consider.

Many of the listed products also can assist with Group Policy change and release management, which lets you view the properties for a given GPO at any point in its life cycle. A version control component provides a mechanism to prevent multiple users from simultaneously altering a GPO. Make sure to look for products that will maintain a complete history of a GPO's life from creation through retirement. Each GPO's version history should provide information about who made the changes, what was changed, when the changes took place, and why the changes were made.

Some products will help you implement the GPOs that you create. Basic applications might be limited to simplifying Group Policy Link and Security Group Filter management. More advanced applications also will let you replicate, synchronize, and manually copy GPOs between domains and forests while migrating the associated Security Group Filters and Group Policy Links. Such products let you easily transfer policy settings from a test environment to a production environment. The ability to roll back a policy deployment is another potentially valuable feature you should consider.

You can establish a measure of fault tolerance by selecting a product that lets you back up GPOs, Security Group Filters, and Group Policy Links to disk so that you can restore a backup of an individual GPO should a live GPO become corrupt or a newly implemented GPO cause an unforeseen problem. A backup functionality also lets you migrate Group Policy settings to a new domain or forest. To make backups easier to manage, look for a product that automatically documents the backup's contents, including the backed-up GPO's settings.

You'll also find products that provide robust reporting for diagnostic, troubleshooting, and management purposes. Look for a centralized reporting tool that will offer insight into your organization's security, policy settings, policy-affected registry keys, and object classes. Especially helpful are products that include features such as the ability to search for a GPO that defines a specific setting and the ability to compare a specific GPO with another version of the same GPO, an archived GPO, or a live GPO in Active Directory (AD). Reports that discover corrupt GPOs and replication failures will help ensure that your policy infrastructure stays healthy. To complement the reporting functionality, verify that the product you choose offers a wide selection of output options—such as output to a file, printer, HTML, or a database file—to ensure that you can make use of the results effectively.

—Ed Roth

ARTICLE TOOLS

Want to use this article? Click here for options!

Add a Comment

There are no comments to display. Be the first one!
You must log on before posting a comment.

Are you a new visitor? Register Here
Free Power Tools Brochure
Get Mark Minasi's 17-page guide today!



      

advertisement

GOOGLE LINKS
SPONSORED LINKS
FEATURED LINKS

White Papers

Your remote offices contain valuable electronic data – are they adequately protected? Learn how proven technologies can reliably and cost-effectively back up a branch office from a central location, in real time, to disk or tape, and even utilize existing backup solutions.

Downloads

PacketTrap IT is a comprehensive and affordable network management and application monitoring solution that solves problems associated with bandwidth, network and application performance, and connectivity. Gain insight into your network - try PacketTrapIT free for 21 days!

Web Seminars

IT administrators have to solve a myriad of problems. This web seminar outlines the ten most common systems management pains - including managing highly distributed systems and dealing with data theft/loss – and the best practices to address each.

eLearning Series

We bring the experts direct to you to share their real-world perspective and expertise. During each event, three sessions stream in real time, so you can learn, ask questions, and get solutions.
Upcoming event: Getting the Most with Exchange 2010 with Paul Robichaux

Subscribe to Windows IT Pro!

DevProConnections ITTV Left-Brain SharePointPro Connections SQL Server Magazine SuperSite for Windows Windows IT Pro

© Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.