Familiar surroundings One of GPAnywheres prime strengths is the way it integrates with Microsofts existing Group Policy framework. The test policy we built for our GPAnywhere-enabled Windows XP SP2 clientand the process we used to build itwas no different than it would have been for a typical client living within AD.We could configure the policies we created to apply to particular local groups. For example, we were able to mandate a locked-down configuration for limited users but allow for more slack in the leashes of users in the administrator group. This flexibility is particularly important for the sorts of systems that are likely to live outside AD. However, we found that GPAnywhere conforms a bit more closely to the standard Group Policy than wed like. We say this because there wasnt a way for us to configure GPAnyware-specific settingsthose beyond the standard Group Policy options, such as which template to use by defaultfrom the GPAnywhere console. Rather, we had to configure these settings separately, using the GPAnywhere client application. However, the settings we configured using the client were saved in an XML file, which we could then pack up with the GPAnywhere installer package for deployment to multiple machines. In addition to the policy templates we could create ourselves, GPAnywhere ships with default medium- and high-security templates, which represent best-practice lockdown settings for managed systems. We could review these templates from our test system running the GPAnywhere client, but the templates did not show up in our management console alongside the default Windows Group Policy objects or the new policy objects wed created. FullArmor officials told us that they plan to address this issue in a future release and that, for now, customers can request backup files of the default templates that they can integrate into AD and edit using the Group Policy Management Console. GPAnywhere 2.0 is built to work along with a separate, although as-yet-unreleased, FullArmor productthe GPAnywhere Policy Portal, which will allow for centralized administration of these settings. Next page: Evaluation Shortlist: Related Products.
Unlike Microsofts vanilla policy implementation, however, in which the local policy that governs a machine thats disconnected from AD applies to all users on that machine, GPAnywhere enables a more granular approach.