News Stay informed about the latest enterprise technology news and product updates.

Group Policy wizards discover a new trick

Two IT managers at an online trading company didn't know how Group Policy management could be such a snap until they came across FAZAM 2000. Group Policy is a somewhat tricky feature of Active Directory for Windows 2000 to master. The pair, however, took on the task, and with a little help from FAZAM 2000, have lived to speak of it.

Being Group Policy wizards, Adam Greenspan and Frank Aneiros had no trouble putting that technology to good use when Datek Online migrated from NT 4.0 to Windows 2000. Their bag of tricks, however, didn't help them simplify Group Policy management. To do that, they found a tool with a name any wizard would love: FAZAM.

Longtime colleagues, Greenspan and Aneiros are senior system engineers for Secaucus, NJ-based Datek Online, a 1,200-employee online trading company. While working as administrators for a previous employer, Prudential Financial, Greenspan and Aneiros had mastered NT 4.0's System Policy. That knowledge put them on easy street when implementing Group Policy during Datek's move to Windows 2000 last year.

System Policy is similar to Group Policy in that user's settings can be controlled, but System Policy does so through Registry Settings. Group policies have broader configuration abilities and are written based on where users reside in Windows 2000's new directory service, Active Directory. At Datek, for instance, Group Policy is used to configure and define their user's desktop and security settings.

Once Group Policy was implemented, Greenspan and Aneiros found themselves wishing for ways to automate daily policy-related tasks. Manual backups, archiving, and migration of group policies were tedious and time-consuming. They had to manually monitor the settings of all workstations constantly to guard against misuse and ensure that each one had the proper virus protection. Application deployment at Datek required adding Windows installer technology to each application. Finally, monitoring group policies manually made it difficult to prevent policy problems.

At a trade show, the pair's search for a policy management "magic wand" bore fruit. Acquaintances from Prudential told them about a time-saving Group Policy management tool, FAZAM 2000 from Boston, MA-based FullArmor Corp.

FAZAM is one of several tools that promise to simplify Group Policy management. These include NetIQ's AppManager Suite and Novell's ZENworks for Desktops 3.2.

After evaluating a few tools, the pair decided that FAZAM's feature set best fit their needs. For one thing, FAZAM runs on the client of any machine and queries Active Directory. "FAZAM seemed to be one of the only products that has that kind of capability and ease-of-use," Greenspan said.

Datek has been using FAZAM 1.3.1 for a few months. Deploying it was a snap, because it's a plug-in that is integrated well with the Microsoft Management Console (MMC), said Aneiros.

FAZAM allows for policy-centric view of Active Directory through reporting, auditing and diagnostics, and back up capabilities. Reports on the group policies can be viewed through the MMC console. Also from the central console, problems occurring on desktops can be diagnosed and resolved. Backups can be set to run automatically. Further, policies can be rolled back or used as templates for new policies.

Greenspan and Aneiros are most satisfied with how FAZAM eases the backup of their group policies. FAZAM facilitates easy archiving and the ability to migrate policies from a test environment to the actual environment. This is to test that they will actually work when deployed.

Datek's call center is another area that benefits from well-managed group policies, said Greenspan. System malfunctions are thwarted because policies control what call center personnel can and can't do. As is often the case in call centers, Datek's staff workers do not sit at the same desks every day. So group policies are needed to make sure that each workstation is used in the correct way.

Keeping all workstations the same at all times increases network security, too. For example, security is heightened because policies stop personnel from downloading potentially virus-ridden software and saving files to the C drive. More minimally, Greenspan's and Aneiros' policies can change screen savers or set them to time-out at certain intervals. Policies can maintain specific desktop wallpaper, too, and not allow any changes. FAZAM is instrumental in making these policies work without a hitch, said Greenspan, because it is a spot checker that reports on the group policies to make sure they're running smoothly. Uptime is therefore maximized.

FAZAM also helps Greenspan and Aneiros manage application deployment. Many products do not come with Windows installer technology, so FAZAM has acted as a tool to simplify deployment processes for new applications.

FAZAM's shortcoming lies in its report generation, said Aneiros. Often it takes up to five minutes to produce a report, but, he admitted, some of Datek's policies are very large and could be a reason for the delay. In that case, Greenspan and Aneiros only run the report when necessary.

To Greenspan, FAZAM is a safety blanket. "If something goes wrong, we have auditing and verification utilities to help troubleshoot." At least for now, his bag of tricks is full.


Tips for planning an Active Directory deployment

Group Policy dos and don'ts

Dig Deeper on Windows systems and network management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.