GPO Preferences

GPO Preferences (Part 1)

For a couple of years now I've being using a tool created by Yizhar Hurwitz called "Reg2Adm" to create custom adm templates from registry keys for Group Policy Objects. The custom templates are deployed as preferences which are set once, but can be overwritten by the end user. Yizhar's tool automatically converts the .reg file to the appropriate syntax and format for .adm files, thereby making virtually any registry setting configurable via GPO.

Well, Microsoft has now built a lot of this functionality (and much more) into the next generation of group policy. MS acquired a company called Desktop Standard, makers of a product called PolicyMaker. PolicyMaker's GPO tools have been integrated into the Group Policy fabric of Windows Vista and Server 2008. The new functionality is being called "Group Policy Preferences"

So...how does that help Windows 2003/XP systems engineers? Well, Microsoft has made client side extensions available for Windows XP and Server 2003 systems, enabling us to take full advantage of a broad suite of configurable settings. Everything from registry keys, to drive mappings, to power settings can now be easily and natively controlled via Group Policy. The only caveat is that the settings can only be configured via a gpmc running on a Windows Vista or Server 2008 platform (we'll be using a Windows Vista VM to create/manage the GPOs).

Over the next few weeks I'll be documenting my experiences with Group Policy preferences as I begin to deploy the extensions throughout our enterprise. We'll be using Altiris for the rollout. One of the big selling points to my management team was the GPO Preferences' ability to CENTRALLY MANAGE LOCAL ADMNISTRATOR PASSWORDS!!!

I'll keep you posted on the developments.