Enterprise Server Strategies for the CIOGroup Policies are handy, but their frequent use leads to repetitive drudgework. The most repetitive task when working with Group Policy Objects is determining how a given set of changes to Group Policy will play out. Originally, the only way to do this was to create the profile in question, log on with the created profile and view the results first-hand. For one policy alone, it wasn't too bad, but for a slew of them, it was torture.
Microsoft tried to speed up the slog of working with Group Policy Objects by introducing tools such as Resultant Set of Policy (RSoP), which lets you preview the results of applying a given policy. But RSoP has limitations. If you're dealing with an application that's not aware of RSoP Registry manipulations, it can be difficult to use RSoP in a context other than basic user rights. Situations such as these call for tools, some from Microsoft and others from third-party vendors, to make Group Policy Objects and user profiles more automatically malleable.
The first of many Group Policy Object management tools in this space comes
Requires Free Membership to View
from (as you might imagine) Microsoft. The Group Policy Management Console (Service Pack 1) allows you to script actions through the console -- not merely settings within a Group Policy Object itself, but scripting actions taken by the console on Group Policy Object. In addition, you can now preview RSoP results through HTML-formatted reports.
One tool that automates Group Policy Object management is the GPOVault Enterprise offered by DesktopStandard Corp. Whenever a Group Policy Object is changed, GPOVault emails the admin so they know what's been updated. The tool can also perform more conventional Group Policy Object management tasks, such as controlling the Group Policy Object lifecycle. It's also possible to automatically roll back changes made by a misapplied or misconfigured GPO. Editor's note: While still available for users who have licensing agreements, GPO Vault has, as of July 1, 2007, been replaced by the new Vista-compatible Microsoft Advanced Group Policy Management tool.
If you're looking to automate system policy template creation, consider Tools4ever's Policy Template Editor. This tool can work with existing template files or create entirely new ones from scratch, and it has the ability to retrofit existing application templates for earlier versions of applications (such as using Office 97 templates for Office 95).
Five back-end tasks Windows administrators should automate
Introduction
Automating Active Directory maintenance
Automating Group Policy Object management tasks
Automating DNS management tasks
Automating full-system backups
Automating Web server log archiving
About the author: Serdar Yegulalp is editor of Windows Insight, (formerly the Windows Power Users Newsletter), a blog site devoted to hints, tips, tricks and news for users and administrators of Windows NT, Windows 2000, Windows XP, Windows Server 2003 and Vista. He has more than 12 years of Windows experience under his belt, and contributes regularly to SearchWinComputing.com and SearchSQLServer.com.
This was first published in December 2005
Join the conversationComment
Share
Comments
Results
Contribute to the conversation