So back in June, James Morris & I blogged a little bit about some exciting group policy stuff we had seen at TechEd. I’m back with a bit more details, because I think this has very relevant impact on UWWI, and well … it’s just cool!
So awhile back, Microsoft bought a company called DesktopStandard, who made a variety of 3rd party group policy tools and add-ons. They had about 3000 custom group policy settings which will someday soon will be added to the existing set (that’s twice what you get with the default w2k3 plus vista group policies). Microsoft did some work to eliminate any tattooing issues with these group policies, so they aren’t quite so custom anymore. I’ll give some sample categories of new policies below.
Additionally, Microsoft will be integrating a group policy feature from DesktopStandard called filters. This is kind of like the existing ACL-based filters, but so much more extensive that it’s crazy. I’ll give some sample categories of the filters below.
Microsoft has already taken one DesktopStandard group policy technology and rolled it out. The Advanced Group Policy Management which is part of the Desktop Management Pack is that offering. With it you can implement change management on your group policy, and easily see differentials between two group policies (making it easy to see what’s changed on an edited group policy that’s being proposed to be released).
Now … some more details. Some categories of the new group policies coming from this are:
We were told this set would eliminate the need for login scripts, which is one of the issues we need to solve in the Delegated OUs project. I have to wonder if this set plus the filters might also give us a way around the home directory issue we need to solve.
Speaking of which, here’s a list of categories on those filters:
ip address range
MAC address range
So as an example, we saw a presenter deploy a shortcut to his desktop via group policy. He then edited that group policy and added filters which made the setting only apply to Windows 2000 computers, users in the domain admin group, and running in a Terminal Services session. His demo desktop, of course, didn’t meet that stringent set of filters, and so the shortcut he had previously deployed disappeared (showing us that tattoing was no longer an issue for these new settings). The demo worked quite well and quickly.
We heard rumors that this set of new stuff would come concurrently with the WS2008 release, and it’s one of the Microsoft technologies I’m really looking forward to seeing more on.