Establishing enforceable policy on Windows desktops across an enterprise is a daunting task even in a fairly small environment. Manual policies such as a security checklist for configuring end user systems or servers require automation. Policies concerning application access, passwords, content accessibility and configuration, as well as server changes all should be managed in today's environment.
Products like Secure Elements??? C5 is focused on security configuration for Microsoft Windows operating systems, using proprietary sensors (aka agents) on each host machine. Their software works to identify security vulnerabilities, finds compliance issues, evaluates and resolves issues. This software works well in environments where you need to overlay a policy-based management tool on an existing set of end user systems.
If you are migrating to a new operating system, take a look at products like ScriptLogic. ScriptLogic???s approach prevents users from doing harm and still provides the flexibility to run their critical applications. Although requiring an agent, ScriptLogic does not use Windows group policies which can have some limitations in the ability to deploy and manage flexible policies for your users. With ScriptLogic, software can roam with users, allowing enforcement based on types of users rather than on physical hardware.
With Windows alone, few organizations will be satisfied with the existing group policy manager and should take a look at some of the third party products on the market that can make managing this environment a little less stressful.