"Group Policy has a lot of benefits, but when will Microsoft make it simpler to implement and manage?" This reader question sums up the main points raised in response to this month's survey.

Unlike the two technologies I previously surveyed readers about (SharePoint and Windows Rights Management Services—RMS), Group Policy is widely used and its business value is understood. Nearly 84 percent of respondents use Active Directory (AD); of those, 87 percent also use Group Policy. People report that the main benefits of using Group Policy include security and simplifying software distribution and desktop lockdown. Because users know the benefits, the predominant concerns that this month's survey raised about Group Policy revolve around ease of use, increased functionality (including a desire for more Group Policy−enabled applications—for details, see the Web-exclusive sidebar "Group Policy−Enabled Applications," http://www.windowsitpro.com, InstantDoc ID 44098), and ease of Group Policy Object (GPO) and .adm file management. For details of the survey findings and the questions users asked, see the complete survey results in the Interact! area associated with this article on the Windows IT Pro Web site.

I talked about the survey results with Microsoft's Jackson Shaw (product manager, directory services), Michael Dennis (lead program manager, Group Policy and Windows Update Services—WUS), and Mark Williams (program manager, Group Policy). They greeted the survey data with enthusiasm about learning from and acting on the data. They also encourage you to use the Windows Feedback site (http://www.windowsserverfeedback.com), which has been the source of product improvement requests that the Group Policy team has implemented. (For details about Windows Feedback, see the Web-exclusive sidebar "Give Microsoft Feedback—and Get a Response?" InstantDoc ID 44097.)

Ease of Use
"Why is Group Policy so hard?" asked one reader. Specifically, readers want to easily see what's going to happen if they apply a GPO and to be able to trace modifications to the default settings and determine which GPO is affecting a setting and how. Readers also asked for reporting tools, better management tools, and search functionality. (The survey also included several requests for more reference documentation for GPOs. Mark addresses this topic in the Web-exclusive sidebar "Group Policy Documentation," InstantDoc ID 44099.)

"A considerable number of the survey responses focus on tasks or scenarios that we addressed directly in GPMC as a result of customer feedback, such as backup and copying of GPOs (within and across domains and forests) and Group Policy reports," Mark explained. Jackson added, "It's clear and surprising to me that we probably need a better story around making sure people know about the GPMC."

Readers feel that the Group Policy Management Console (GPMC) is a good start but still needs improvement. One IT pro commented that "GPMC helps users better deal with the complexity of Group Policy but doesn't solve its inherent complexity."

Michael explained how GPMC addresses readers' ease-of-use concerns. "We developed GPMC in response to customer feedback. It's a single place to manage group policies and who policies affect and why. It has a great reporting mechanism for showing you what's inside a single GPO, but also to provide Resultant Set of Policies (RSoP) information based on AD or an individual machine."

For Windows Server 2003 and Windows XP Professional, GPMC includes a "friendly face on RSoP" called Group Policy Results and Modeling. Michael explained that the tool is "for determining what policy settings are applied in Active Directory, or you can query a particular machine for a particular user and policies to see the settings for that machine and user."

When troubleshooting a problem, many administrators wouldn't think to check whether a GPO might be responsible. If you're diagnosing a problem on a machine, how do you know to check policies? Michael replied that if you're using Group Policy, "you should get into the habit of checking the policy settings and asking whether they could be affecting the thing that you're trying to diagnose. Start there. Use the Group Policy Results and Modeling tool."

Another reader concern was automation of GPO management. "This is precisely what the GPMC Object Model (available on any machine running GPMC) is all about," Mark said. "It provides interfaces for copying, moving, and linking GPOs. One specific scenario that GPMC enables is managing GPOs across domain boundaries. The white paper 'Migrating GPOs Across Domains with GPMC' (http://www.microsoft.com/windowsserver2003/gpmc/migrgpo.mspx) covers this topic."

Search Functionality
"Can you make settings intuitive and easier to find?" requested one reader. Another asked, "Will there be a search function so that you can search for a variable you want to change instead of having to know where it is?"

Although Microsoft's policy is not to comment on future product direction, Michael made it clear that his team is taking this request seriously. "That's a great idea and it's understood as a customer requirement." To provide some immediate workarounds, he added, "The Explain text for GPOs is in Help, and Help is searchable. Of course, you have to search in one place (i.e., in Help) and implement the functionality in another, but this is a good tip for searching right now."

Jackson added, "When I have my focus set on a particular security option or GPO setting, I just hit F1, and it takes me right to the Help file for that particular GPO setting."

Going beyond searches, Mark gave another tip about filtering the amount of information you get from Gpedit and limiting results to a specific area. "There are a lot of questions on the newsgroups about filtering. Suppose you want to limit the information you get from Gpedit and just target a particular XP machine. In Gpedit, you can go to the View, Options menu and filter to show only the policy settings you want. You can specify a particular OS or service pack, for example. Suddenly, the information that Gpedit returns becomes much smaller."

I asked why people aren't aware of this functionality, and Mark replied, "It's kind of hidden under the View/Options menu. Maybe that's something we should just make a little more evident."

I was impressed that this group went beyond the typical canned answers and tried to provide practical information. But most refreshing was the group members' honesty about areas for improvement and their commitment to improving their product for users.

   Prev. page   [1] 2     next page



You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

If only the rest of Microsoft would listen as well as this team!!! I've met these guys at several conferences and they don't just talk about this, they do it!!! Though in the last year or so gotten the impression that they are lone wolves at Microsoft, in that they have a great vision on how Group Policy can be used more deeply to solve real problems that we have in the real world, but that they simply aren't a big enough team to act on the most important and costly (to Microsoft) areas of improvment. I sure wish that Microsoft figures this out and soon!

Group Policy is THE only game in town for doing what it does (and more is needed). It is the right model for doing desktop and server management and this article supports that fact! It is implemented within Windows rather than everyone else's add-on approach - please, Please, PLEASE Microsoft give us more of this, it's exactly what we need and want!!!

Anonymous User- November 02, 2004

Article Rating 5 out of 5

If only the rest of Microsoft would listen as well as this team!!! I've met these guys at several conferences and they don't just talk about this, they do it!!! Though in the last year or so gotten the impression that they are lone wolves at Microsoft, in that they have a great vision on how Group Policy can be used more deeply to solve real problems that we have in the real world, but that they simply aren't a big enough team to act on the most important and costly (to Microsoft) areas of improvment. I sure wish that Microsoft figures this out and soon!

Group Policy is THE only game in town for doing what it does (and more is needed). It is the right model for doing desktop and server management and this article supports that fact! It is implemented within Windows rather than everyone else's add-on approach - please, Please, PLEASE Microsoft give us more of this, it's exactly what we need and want!!!

Anonymous User- November 02, 2004

Article Rating 5 out of 5