New Group Policy automation and reporting technologies from Irvine, CA-based Quest Software promise to eliminate the drudgery of manual Windows 2000 Active Directory management tasks.
Introduced and available on Oct. 22, Quest's FastLane ActiveRoles 4.0 offers Group Policy management enhancements that make it more than a run-of-the-mill upgrade, said analyst Michael Hoch of Boston-based Aberdeen Group.
An Active Directory management application, FastLane ActiveRoles version 4.0 provides role-based administration, data integrity enforcement and Group Policy management. ActiveRoles' architecture relies on Active Directory itself for distribution of application information. "Unlike other management tools, ActiveRoles doesn't require any deployment of a proprietary server layer on top on Active Directory," says Keith Millar, Quest's director of product management, Microsoft Solutions.
Quest's focus on simplifying Group Policy management is a boon to Windows administrators, said Hoch. "Group Policy can be extremely complex, especially when you're trying to determine which Group Policy applies for each user," he explained. Active Roles 4.0's well-designed graphical user interface and automated reports should make Group Policy management accessible to Windows managers of all skill levels, he noted.
Unique in the Microsoft world to Windows 2000, Group Policy resides inside Active Directory and provides operating system and application configuration and lockdown, account settings, login/logoff script settings, and software distribution capabilities.
"Administrators often have problems with end users incorrectly configuring their workstations in NT 4.0, but Group Policy can eliminate these problems in Windows 2000," said Millar. Without Group Policy, inconsistent domain and computer settings across an organization are a constant problem. Correctly used, Group Policy can help administrators lock down workstations/servers and create policy consistency in settings across domains.
ActiveRoles 4.0's new Group Policy features automate reporting of Resultant Set of Policy (RSoP) calculations and mirror configuration of Group Policy objects (GPOs) across multiple domains. A simulation tool shows the results of group and OU membership changes, so administrators can check them before they're deployed.
The RSoP tool automates the calculations of policy settings in Active Directory. "It lets people understand what their Group Policy infrastructure really does," said Millar. At the end of the day, they need to calculate what happens when, say, user A logs into computer B. The RSoP tool automates calculations and shows the policy for user A, taking into account all the network GPOs and security settings relating to that user, he said. This eliminates a lot of detective work for administrators.
Enabling administrators to dynamically mirror a Group Policy setting across multiple domains eliminates the need to manually track and set GPOs in different domains. Until 4.0, an AD administrator who needed to enforce similar settings in five different domains had to create the settings in one domain and then manually recreate those settings in the four other domains, said Millar. The new ActivePolicy feature lets an administrator set those policies in one domain and mirror them to the other domains.
This mirroring capability will be a big time-saver for ActiveRoles users like George Defenbaugh. "One of the big deficiencies of Active Directory out of the box is the inability to manage a Group Policy like a file," said Defenbaugh, global infrastructure project manager for Amerada Hess, a Houston-based oil company. "You can't save a setting, copy it, and paste it."
ActiveRoles 4.0's WhatIf tool feature enables administrators to simulate Group Policy settings before deployment. For instance, the simulation can show what happens if a user or computer get added to a new group. This preview helps them avoid mistakes and create more effective settings, said Millar.
Administrators can also leverage the new published COM interface to ActiveRoles to automate common tasks such as role creation and role assignment.
Additionally, new Help Desk tools in the ActiveRoles Web client streamline routine tasks such as user account, creations, password resets and group membership changes.
FastLane ActiveRoles 4.0's price of $20 per managed user includes support and upgrade protection. Various upgrade programs are being offered for existing ActiveRoles customers.