If you’re like most companies of any substantial size, you probably have an extensive GPO environment. Maybe you have it mostly under control; maybe you need some help getting it under control. Either way, I challenge you to think about the potential gaps and challenges you have in your GPO environment.
Ask Yourself: Do I need help?I talk to customers all the time who believe that controlling, managing, tracking, and auditing GPOs aren’t real needs/challenges in their environment. I hear statements like, “we only have a couple people who do anything with GPOs” or “ we don’t change or create GPOs that often.” But, that’s not the thoughts they should be having or the questions they should be asking. The questions are “How many people have access to manage GPOs?” and “Do those people understand GPOs well enough to create or manage them”?
Think about it, there are few things that can nearly immediately destroy your end user environment, applications, servers, desktops, and even AD faster than an inappropriately configured and applied GPO.
The Real WorldFor a large part of my 19 year IT career, I’ve supported, implemented, engineered, and architected large, global AD environments, including the GPO design and implementation. Because of the potentially devastating nature of GPOs, I did my best to keep an eye on my GPO environment.
Of course, tribal knowledge existed that dictated the rule “only I was supposed to manage them”. However, as with most IT shops, there were people who had enough access that they COULD manage them if they chose too. And, of course, there were times that “bad things” happened from GPO modifications.
Beyond the potential hazards, there were other challenges I faced. Auditing season was never fun because other than submitted/approved change requests in our ticketing system, I had no proof that changes to GPOs followed process. And, as any of us that are part of audit season know, auditors are all about the proof.
Finally, I faced the enormous challenge of managing a giant environment that heavily relied on GPOs to configure the majority of the employee population with GPOs. Our GPOs changed often and we were also constantly “ramping” projects, which required new GPOs. The entire process was extremely time consuming and a bit of bottleneck to production, because I was the only one that managed them to avoid all that potential risk.
The Answer to the ChallengeSo, this of course, leads me to what I feel is an exceptional answer to the challenge: Quest Software’s GPOAdmin. At this end of this article, there will be some quick links to the product’s web page so you can review it and even trial it. But, I’m going to give you the quick highlights.
The underlying basis of GPOAdmin that makes it possible to truly control, manage, track, and auditing (prove) your environment is the offline versioning feature. GPOAdmin sorta works like software development systems. What I mean by that is, it literally makes a copy of your GPO environment and stores it offline. The power this gives you is incredible.
Along with the offline versioning, GPOAdmin sports a myriad of features that we’ve added to the product.
These are just the highlights.
Let’s wrap it upPotential risk is mitigated with the offline versioning feature of GPO admins as well as by the granular delegation capabilities of this product. Beyond the potential risk reduction, safely allowing others to manage GPOs and parts of GPOS increases productivity by reducing the burden on 1 or just a few people and eliminating the bottleneck.
GPOAdmin tracks the changes being made, even GPOs that are modified outside of the product (remember, you can allow GPOAdmin to automatically and immediately reverse changes outside of the tool). Because of this, you have proof to show auditors and also information that gives you a complete picture of your GPO environment.
Finally, the reporting and modeling wizards allow you to intelligently understand what’s in your GPOs and the impact of new GPOs and changes to existing to GPOs. When I managed these environments (in the real world), I wasn’t lucky enough to have this product. But, looking back, I wish I knew about it and could have implemented it.
GPO control, management, tracking, and auditing isn’t a “nice to have.” It’s a real challenge for any company, and GPOAdmin is the answer to that challenge.
Download Free Trial
Thank you for any other wonderful post. The
place else may anybody get that type of information in such
an ideal way of writing? I’ve a presentation next week, and I am at the look for such info.