By Jason Brooks  |  Posted 2005-11-28 Print this article Print

Microsoft Corp.s Group Policy provides enterprises using Windows with base-line functionality for running managed, locked-down client machines—as long as the target systems live within an Active Directory environment. GPAnywhere 2.0 is an ingenious product from FullArmor Corp. that bridges the Group Policy coverage gap.

GPAnywhere 2.0, released in the spring, enables administrators to apply Group Policy configurations to machines that fall outside AD. The product is delivered in two modules: a console that plugs into Microsofts Group Policy Management Console and a client that must be installed on the machines targeted for management.

Click here to read more about locking down Windows systems.
In eWEEK Labs tests, we were able to create policies using Microsofts standard Group Policy tools and to pack these policies up into an executable file using the GPAnywhere console. The console exists as an MMC (Microsoft Management Console) snap-in that shows up as a new tab in the Group Policy Management Console.

GPAnywhere was straightforward to use, and we recommend that organizations using Group Policy to manage their systems investigate GPAnywhere as a solution for extending these same controls to systems that live outside the reach of AD—such as kiosks, stand-alone servers and roving client machines.

GPAnywhere 2.0 is priced starting at $6 per managed machine and $1,250 for the GPAnywhere management console. Considering the time savings and additional management granularity that GPAnywhere can bring to Windows systems, we consider the product attractively priced.

Upgrading will not be easy, however. We noted from the product documentation that GPAnywhere 2.0 is not backward-compatible with earlier versions of the product—previous versions must be uninstalled from client machines before loading 2.0, and earlier-version templates must be rebuilt as well.

On the client side, GPAnywhere supports Windows 2000 Service Pack 3 and higher, Windows Server 2003 and higher, Windows XP SP1 and higher, and Windows XP Embedded for Point of Service.

We tested GPAnywhere with Windows XP SP2 on the client side and Windows Server 2003 on the console side. We could have used the console on a Windows XP box as well, as long as it was a member of an AD domain.

To address the slew of new Group Policy objects that came with Windows XP SP2, we had to first join an XP SP2 box to our test domain to add these objects to AD.

In addition, because SP2—rather helpfully—expanded the descriptive text that accompanies Windows Group Policy objects, we had to apply to our Windows Server 2003-based system the patch referenced at support.microsoft.com/kb/842933/#XSLTH3152120124120121120120 to accommodate the longer descriptive strings.

Next Page: Familiar surroundings.

As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. JasonÔÇÖs coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at jbrooks@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel