How To: Setting Up Active Directory Group Policies
March 10, 2006
Group Policy is a powerful weapon that should be part of every Active Directory administrator's arsenal. Just be careful with how you wield it--what seems like a trivial change to even the most experienced administrator may result in a flood of calls to your helpdesk. You'll need to use the Group Policy Management console tools, test your changes prior to deployment or, more important, adopt a full-fledged change management strategy. You'll be wiser for it in the long run.
Michael Fudge Jr. is a system administrator at Syracuse University's School of Information Studies. Write to him at firstname.lastname@example.org.
FullArmor PolicyPortal. If you want Group Policy but don't have an Active Directory setup, there are other options. One is FullArmor's PolicyPortal, a Web-based application that lets you set up GPOs and then target them by computer groups you specify through the Web interface. The computers managed by PolicyPortal must have a lightweight agent installed on them. The agent checks in with the PolicyPortal Web site at routine intervals, downloading and applying new policy settings as required.
Probably the coolest feature of PP is the amount of information it gives you. It's digital dashboard on the summary page graphs which machines are up-to-date with which policies, and displays a histogram of when devices last checked in. It also shows you the number of computers in each group and a log of how the policies were applied.