Managing Security Policies Using Microsoft Group Policy Objects
Ken Estes
Overview
- TCO and why it is important
- Standardized Desktop
- Background on Policies
- Objects and Active Directory
- Group Policy Objects
- Properties of GPOs
- Examples
- Conclusion
TCO and why it is important
TCO is a life cycle model -- that is, it considers the total costs of acquiring, owning, operating, and maintaining equipment over its entire useful life. Furthermore, TCO includes not only costs associated with owning and operating the equipment, but also the costs associated with using the equipment to its fullest potential. Thus, items like user training, performing regular maintenance and audits, testing and deploying software updates, and handling systems management tasks are also part and parcel of the TCO model.
http://www.hp.com/sbso/productivity/howto/standardizehardware/understandit.html
TCO Continued
The Gartner Group data indicates that the capital cost of acquiring personal computers for a networked environment is only 21% of the Total Cost of Ownership (TCO) over the three to five year life cycle of the computers. The other 79% includes the ongoing costs of ownership such as software updates, technical support, user downtime, user training, and losses from system failures.
Still more on TCO
The most significant contributing factors to the rising TCO are:
- Inability to establish and maintain standard desktop configurations throughout the company.
- Software conflicts and incompatibilities between applications resulting from non-standard PC configurations.
- Unauthorized changes to PC desktops by end users.
- Increasingly complex nature of PC applications and their inter-dependencies with other applications and with the operating system itself.
- Attempts to solve the problems of distributed systems with centralized management methods.
http://www.dontworry.com/wp/win98.html
Standardized Desktop
- Simplifies troubleshooting
- Simplifies training
- Simplifies deployment
- Easier to replace crashed computer
Background on Policies
- Poledit.exe
- config.pol and ntconfig.pol
- Allowed for standardizing desktops
- Several drawbacks
  - altered client registry
  - single file
Objects and Active Directory
In Active Directory every item is an object
A unit of data storage in the directory service... Directory service objects consist only of data. A directory service object is defined by a Class-Schema object and a group of Attribute-Schema objects referenced by the Class-Schema object.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/active_directory_schema_site.asp
Group Policy Objects
- Group Policy Objects (GPOs) are held in a repository in the AD and then linked to a site, domain or Organizational Unit
- One GPO can be linked to different objects
- An AD can have hundreds of GPOs
- Can control just about any aspect of Windows using templates
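Because one GPO can be linked to several containers and a directory can hold hundreds of GPOs, an audit of where each GPO is linked is a useful check. The PowerShell below is an added example, not part of the original slides: it summarises the links recorded in GPO report XML. The function name Get-GpoLinkSummary, the sample GPO names and the example.test paths are assumptions made up for the illustration.

```powershell
# Added example. $SampleReports is constructed data shaped like the XML that
# Get-GPOReport -ReportType Xml returns, trimmed to the elements used below.
$SampleReports = @(
@'
<GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings">
  <Name>Workstation Baseline</Name>
  <LinksTo><SOMPath>example.test/Sales</SOMPath><Enabled>true</Enabled><NoOverride>false</NoOverride></LinksTo>
  <LinksTo><SOMPath>example.test/Engineering</SOMPath><Enabled>true</Enabled><NoOverride>true</NoOverride></LinksTo>
  <LinksTo><SOMPath>example.test/Lab</SOMPath><Enabled>false</Enabled><NoOverride>false</NoOverride></LinksTo>
</GPO>
'@,
@'
<GPO xmlns="http://www.microsoft.com/GroupPolicy/Settings">
  <Name>Old Kiosk Lockdown</Name>
</GPO>
'@
)

# Hypothetical helper: one summary object per GPO report.
function Get-GpoLinkSummary {
    param([Parameter(Mandatory)][string[]]$ReportXml)
    foreach ($text in $ReportXml) {
        $root  = ([xml]$text).DocumentElement
        # local-name() matches with or without the report's default namespace.
        $name  = $root.SelectSingleNode("*[local-name()='Name']").InnerText
        $links = @($root.SelectNodes("*[local-name()='LinksTo']"))
        $active   = @($links | Where-Object { $_.Enabled -eq 'true' })
        $disabled = @($links | Where-Object { $_.Enabled -ne 'true' })
        $enforced = @($links | Where-Object { $_.NoOverride -eq 'true' })
        [pscustomobject]@{
            Gpo      = $name
            Links    = $links.Count
            Active   = ($active.SOMPath) -join '; '     # containers the GPO applies to
            Disabled = ($disabled.SOMPath) -join '; '   # link exists but is switched off
            Enforced = ($enforced.SOMPath) -join '; '   # link marked "Enforced" (NoOverride)
            Unlinked = ($links.Count -eq 0)             # GPO in the repository, applied nowhere
        }
    }
}

# On a domain-joined admin host with the GroupPolicy module, feed real reports:
#   $reports = Get-GPO -All | ForEach-Object { Get-GPOReport -Guid $_.Id -ReportType Xml }
#   Get-GpoLinkSummary -ReportXml $reports | Where-Object Unlinked
Get-GpoLinkSummary -ReportXml $SampleReports | Format-Table -AutoSize
```

Unlinked GPOs and disabled links are candidates for cleanup, and enforced links are worth reviewing because they take priority over settings applied lower in the directory.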
Properties of GPOs
Conclusion
- Standardized computers are more secure and have a lower TCO
- GPOs allow for the controlling of almost any aspect of Windows 2000 and newer
- Multiple GPOs can be applied to an object
- Group Policy Management Console has better control