Group Policy Update
If you have read my article series on windowsecurity.com about
"Managing Windows Vista Group Policy" theres a few extra comments I
would like to add...
ADMX
The most important note I would like to make is that Microsoft
published a tool to migrate ADM files to the ADMX file format some
time ago (november 2006) - the tool was actually developed by FullAmor
and licensed freely for Microsoft costumors. The tool is called "ADMX
Migrator", but actually does more than just migrate templates...
The product requires "Microsoft Management Console 3.0" and "Microsoft
.NET version 2.0" on Windows Vista, Windows XP SP2 or Windows Server
2003 SP1 to work - and provides the following functionality:
1. Converting/migrating ADM files to the new XML based Administrative
Templates format: ADMX. You can even select multiple files to convert
at one time - it's almost too easy!
2. Creating new ADMX files from scratch without the need to understand
and master XML and the special syntax the templates requires. This is
the "editor" part of the "ADMX Migrator" tool.
This is a very powerfull tool with lots of possibilities for admins
around the world. I you haven't played with this already I will advice
you to do so, you can use this link.
GPMC
At TechEd in Barcelona there was a "rumor" that Microsoft will remove
the builtin GPMC from Windows Vista as part of the Vista Service Pack
1 installation. I don't know if this is true and a final decision, but
it was actually stated so by the Group Policy Product Manager, Michael
Dennis. The reason should be, that Microsoft received some
"complaints" on the fact that every user could start this wonderfull
admin tool (maybe those costumors haven't heard of Group Policy
settings that disallow the use of MMC, Software Restriction policies
etc.?). Well, I just think it's funny to think of a Service Pack that
actually remove functionality (without replacing with anything
else/better) instead of adding stuff - maybe it's just me :-)
TOOLBELT
The great guys at gpanswers.com have collected a Group policy Toolbelt
that a GP admin just must have - it can be downloaded here:
http://www.gpanswers.com/toolbelt. Within this "belt" you will find
tools within an ISO file ready to be "mounted" or burned. The tools
are anything from an ADM file that sets GPO logging level to third
party utilities that makes tho job of a GP admin a bit more easy.
Check it out the next time you have time to download about 70 MB - a
lot better than finding the tools on diffenrent sites around the
world.
THE VISTA SETTINGS
If you haven't looked on Windows Vista Group Policy news in detail
yet, here is you chance to do so. Microsoft relased this Excel
document (as they have done in the past) with Vista GP settings. Very
interesting reading for GP nerds like myself. We now have SO many GP
settings that no man can possibly contain all the great possibilities
in his head so that's why we need this sheet. As mentioned in one of
my articles for windowsecurity.com there will hopefully be a search
option within the MMC when Microsoft released the first service pack
to Windows Vista (and in Longhorn Server). It will be interesting to
see how they manage to incorporate such a crucial functionality - we
must have faith in those guys :)
And BTW - when you guys are changing the code anyway, why not put a
"Save changes" dialog into the GPEDIT MMC like ANY other GUI that
handles important system changes. I hope that we will also see some
workflow handling soon, one admin that changes the GP settings and a
manager that approves the changes, making them "live" in the
environment. Also versioning is needed as GP's will probably "rule the
world" in a few years - not just backups, but real versioning that
makes it possible to spot changes made over time and to get back to a
"safe" setting fast (rollback). Well, I actually know that MS is
working on this too (DOPSA - Desktop Optimization Pack for Software
Assurance) - but as with Christmas presents it can be hard to wait too
long - I'll get back to this in a post very soon :)
posted by Jakob H. Heidelberg @ 4:23 PM 2 comments
If you think I haven't done anything for a while
If you think I haven't done anything for a while, then please check
out my articles on www.windowsecurity.com about Group Policy on
Windows Vista and Longhorn Server:
http://windowsecurity.com/articles/Managing-Windows-Vista-Group-Policy
-Part1.html
http://windowsecurity.com/articles/Managing-Windows-Vista-Group-Policy
-Part2.html
http://windowsecurity.com/articles/Managing-Windows-Vista-Group-Policy
-Part3.html
And this Danish website (in danish), http://www.tweakup.dk/, about new
stuff in Windows Vista for non-IT professionals:
http://www.tweakup.dk/article/1022/dk/
I'm now an auther on the above sites, so there won't be much time to
No comments:
Post a Comment