March 2007  
Network Administration
Group Policy – An Administrator’s Management Tool
You can simplify network management with this powerful tool
By Scott Murphy

There are increasing demands for network administrators to improve the reliability and security of the servers, laptops and workstations on the network. Administrators can improve reliability and security through better control and management with Group Policy. This does not mean preventing changes on these network endpoints, but rather controlling the computer to act in a specific way based on the business need and the employee using it.

This is a tall order, but Microsoft has given administrators a management tool that they can use to meet many of these requirements. This often underused and underappreciated tool is Active Directory’s Group Policy. Group Policy is a powerful tool that can help administrators simplify network management, automate many policies and procedures, manage network growth from a central location, and lock or hide settings from inquisitive users.

Thousands of uses

There are literally thousands of potential Group Policy settings and uses, but some of the most popular uses are:

  • Patch Management using Group Policy in conjunction with Windows Server Update Services (WSUS) to deploy patches to groups of computers on a schedule
  • Workstation security control, such as Windows XP software firewall settings (on or off, plus exceptions), including different settings when a laptop is off the network
  • Controlling remote desktop access to Windows XP workstations
  • Assigning and managing login scripts (e.g. map shared folders and printers)
  • Control of roaming profiles, redirection of local folders (e.g. My Documents), and synchronization
  • Blocking profiles on groups (e.g. administrator workstation profiles are blocked when logging into servers)
  • Controlling encryption of data on mobile laptops
  • Controlling default Internet Explorer pages and settings
  • Installing applications to workstations based on who logs into a computer

The key to being able to take advantage of Group Policy is in the design of your domain’s Active Directory. Creating and structuring your Active Directory Organizational Units to match how your network is administered and how your business operates is the secret to allowing you to control your environment in a very granular manner. You can then create and apply policies that fit the needs of the computers or users in that Organizational Unit. Couple this with Domain Security Groups and you can have great control of the workstations and servers on your network.
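
The OU-plus-security-group approach described above, applied to the WSUS patch-management use from the list, as an added example that is not part of the original article. The domain, OU, group and GPO names and the WSUS URL are hypothetical, and the script assumes the ActiveDirectory and GroupPolicy PowerShell modules (RSAT) on a current Windows management host.

```powershell
# Added example: every name and the WSUS URL below are hypothetical placeholders.
Import-Module ActiveDirectory, GroupPolicy

$domainDn = 'DC=example,DC=local'            # assumed domain
$ouName   = 'Laptops'                        # OU mirrors how the machines are administered
$ouDn     = "OU=$ouName,$domainDn"
$group    = 'Patch-Ring-Pilot'               # security group of computer accounts
$gpoName  = 'WSUS - Pilot Laptops'
$wsusUrl  = 'http://wsus.example.local:8530'
$wuKey    = 'HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate'

# 1. Create the OU if it does not exist yet.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn -ProtectedFromAccidentalDeletion $true
}

# 2. Create the security group that narrows the policy within the OU.
if (-not (Get-ADGroup -Filter "Name -eq '$group'")) {
    New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $ouDn
}

# 3. Create the GPO and point Windows Update clients at the internal WSUS server.
if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $gpoName -Comment 'Pilot patch ring for laptops' | Out-Null
}
Set-GPRegistryValue -Name $gpoName -Key $wuKey -ValueName 'WUServer' -Type String -Value $wsusUrl | Out-Null
Set-GPRegistryValue -Name $gpoName -Key $wuKey -ValueName 'WUStatusServer' -Type String -Value $wsusUrl | Out-Null
Set-GPRegistryValue -Name $gpoName -Key "$wuKey\AU" -ValueName 'UseWUServer' -Type DWord -Value 1 | Out-Null

# 4. Link the GPO to the OU (skipped when the link already exists).
if ((Get-GPInheritance -Target $ouDn).GpoLinks.DisplayName -notcontains $gpoName) {
    New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes | Out-Null
}

# 5. Security filtering: only the group applies the GPO. Authenticated Users
#    keeps Read so computer accounts can still retrieve the policy.
Set-GPPermission -Name $gpoName -TargetName $group -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null

# 6. Review what is linked to the OU and who can read or apply the GPO.
(Get-GPInheritance -Target $ouDn).GpoLinks | Select-Object DisplayName, Enabled, Enforced
Get-GPPermission -Name $gpoName -All |
    Select-Object @{n='Trustee';e={$_.Trustee.Name}}, Permission
```

Only computers that sit in the OU and belong to the group receive the WSUS settings, so the step 6 output is worth reviewing whenever the OU structure or group membership changes.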

Active Directory’s Group Policy is a powerful tool in the hands of an experienced network administrator. It can simplify network administration, improve IT governance, improve reliability, improve security, improve scalability and save time.