By Jason Brooks  |  Posted 2005-11-28 Print this article Print

Familiar surroundings

One of GPAnywheres prime strengths is the way it integrates with Microsofts existing Group Policy framework. The test policy we built for our GPAnywhere-enabled Windows XP SP2 client—and the process we used to build it—was no different than it would have been for a typical client living within AD.

Unlike Microsofts vanilla policy implementation, however, in which the local policy that governs a machine thats disconnected from AD applies to all users on that machine, GPAnywhere enables a more granular approach.

We could configure the policies we created to apply to particular local groups. For example, we were able to mandate a locked-down configuration for limited users but allow for more slack in the leashes of users in the administrator group. This flexibility is particularly important for the sorts of systems that are likely to live outside AD.

However, we found that GPAnywhere conforms a bit more closely to the standard Group Policy than wed like. We say this because there wasnt a way for us to configure GPAnyware-specific settings—those beyond the standard Group Policy options, such as which template to use by default—from the GPAnywhere console. Rather, we had to configure these settings separately, using the GPAnywhere client application. However, the settings we configured using the client were saved in an XML file, which we could then pack up with the GPAnywhere installer package for deployment to multiple machines.

In addition to the policy templates we could create ourselves, GPAnywhere ships with default medium- and high-security templates, which represent best-practice lockdown settings for managed systems. We could review these templates from our test system running the GPAnywhere client, but the templates did not show up in our management console alongside the default Windows Group Policy objects or the new policy objects wed created.

FullArmor officials told us that they plan to address this issue in a future release and that, for now, customers can request backup files of the default templates that they can integrate into AD and edit using the Group Policy Management Console.

GPAnywhere 2.0 is built to work along with a separate, although as-yet-unreleased, FullArmor product—the GPAnywhere Policy Portal, which will allow for centralized administration of these settings.

Next page: Evaluation Shortlist: Related Products.

As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. JasonÔÇÖs coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at jbrooks@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel