Microsoft Corp.s Group Policy provides enterprises using Windows with base-line functionality for running managed, locked-down client machinesas long as the target systems live within an Active Directory environment. GPAnywhere 2.0 is an ingenious product from FullArmor Corp. that bridges the Group Policy coverage gap. GPAnywhere 2.0, released in the spring, enables administrators to apply Group Policy configurations to machines that fall outside AD. The product is delivered in two modules: a console that plugs into Microsofts Group Policy Management Console and a client that must be installed on the machines targeted for management.In eWEEK Labs tests, we were able to create policies using Microsofts standard Group Policy tools and to pack these policies up into an executable file using the GPAnywhere console. The console exists as an MMC (Microsoft Management Console) snap-in that shows up as a new tab in the Group Policy Management Console.
GPAnywhere was straightforward to use, and we recommend that organizations using Group Policy to manage their systems investigate GPAnywhere as a solution for extending these same controls to systems that live outside the reach of ADsuch as kiosks, stand-alone servers and roving client machines.
GPAnywhere 2.0 is priced starting at $6 per managed machine and $1,250 for the GPAnywhere management console. Considering the time savings and additional management granularity that GPAnywhere can bring to Windows systems, we consider the product attractively priced.
Upgrading will not be easy, however. We noted from the product documentation that GPAnywhere 2.0 is not backward-compatible with earlier versions of the productprevious versions must be uninstalled from client machines before loading 2.0, and earlier-version templates must be rebuilt as well.
On the client side, GPAnywhere supports Windows 2000 Service Pack 3 and higher, Windows Server 2003 and higher, Windows XP SP1 and higher, and Windows XP Embedded for Point of Service.
We tested GPAnywhere with Windows XP SP2 on the client side and Windows Server 2003 on the console side. We could have used the console on a Windows XP box as well, as long as it was a member of an AD domain.
To address the slew of new Group Policy objects that came with Windows XP SP2, we had to first join an XP SP2 box to our test domain to add these objects to AD.
In addition, because SP2rather helpfullyexpanded the descriptive text that accompanies Windows Group Policy objects, we had to apply to our Windows Server 2003-based system the patch referenced at
support.microsoft.com/kb/842933/#XSLTH3152120124120121120120 to accommodate the longer descriptive strings.
Next Page: Familiar surroundings.
Click here to read more about locking down Windows systems.