Through various acquisitions, Microsoft has enhanced their portfolio of tools to manage group policy. The tools are bundled together as the "Desktop Optimization Pack". The pack consists of:
-Softgrid Application Virtualization
-Asset inventory service
-WinInternals diagnostic tools
-Advanced Group Policy Management
-System Center desktop error monitoring
I will focus on the advanced group policy management tool. The software installed on a member server, and does NOT require any schema modifications or agents on the DCs. For organizations that like to keep pristine DCs, this is good news.
The product uses two service accounts. One allows SYSVOL GPO access and the other is for the GPO vault. The interface to manage the GPOs can be installed on a client, as well as a server.
With GPO Vault, there are several delegation options: Full control, approver, editor, and reviewer. A workflow process can be setup to enable a system administrator to make proposed changes to a GPO, yet a senior person must review and authorize the change before it goes into production. E-mail notifications can be configured to notify when an approval is needed.
Other features include:
-Check-in/out capability of GPOs
-GPO difference reporting
-Recycle bin for deleted GPOs
-Roll-back and roll-forward capability
-Compatible with Vista
-Archiving of GPOs
-Off-line editing of GPOs and full approval process before put into production
-Integrated with the GPMC
Many of these features are ones administrators which MS had all long. Difference reporting, approval, and roll-back can be huge life savers.
The desktop optimization pack is available to Software Assurance customers, only, the last time I checked. For additional information see: http://www.microsoft.com/windows/products/windowsvista/enterprise/mdopoverview.mspx
