Active directory compliance tools promise improved visibility and streamlined management, but vendor approaches vary widely. Larger suites attempt to address multiple compliance requirements across AD or the enterprise as a whole, while more targeted offerings are available to meet needs ranging from network access control to identity management to log aggregation and everything in between.
Products that focus on Group Policy generally take one of two paths: supplementing Group Policy via extensions that address the most common gaps, often accompanied by an enhanced GUI and reporting capabilities, or replacing Group Policy entirely with a collection of deployment and monitoring tools.
Decide whether you want a point product aimed at Group Policy, a narrow (albeit important) component in your IT infrastructure, or if you're looking to go a more strategic route with a broader compliance suite. Take a hard look at the tools in your arsenal. The core functionality you need may already be available if you're willing to supply a bit of elbow grease. Asset management suites often have inventory and reporting features that can collect the necessary information with a modest amount of configuration work. For example, the Desired Configuration Manager feature of Microsoft's Systems Management Server can be used to audit and report against a predefined settings template, known as a "manifest." Be warned, however: DCM isn't for the faint of heart, especially if you haven't yet upgraded to the latest version of SMS, System Center Configuration Manager 2007.
New Tools Ensure Active Directory Policy Compliance