Select Page

Group Policy’s Cross Platform History

It was the early 2000s. I was at Quest Software–serving as CTO for the Windows management business. A lot of my job in those days involved looking at technologies to acquire. Even at that time, I had been a Group Policy geek for a few years, with some large enterprise deployments of AD and GP under my belt. I remember attending a meeting in a coffee shop in Los Gatos–just south of the heart of Silicon Valley– with the founders of what was then a very innovative company–Vintela software. Vintela had created technology to AD-enable Linux and Unix systems. And, as I came to learn in that meeting, they had also developed Group Policy extensions for Linux, to go along with that AD-enablement. Now, I was as big of a fan of Group Policy as anyone at the time, but the notion of extending it to Linux/Unix systems was a bit of stretch initially, even to me. However, as we talked tech about it, it made perfect sense to me and I was hooked! We (Quest) ended up acquiring Vintela soon thereafter and over the years, the technology has morphed into what is now Dell Authentication Services  (formerly Quest Authentication Services (QAS))–a set of capabilities for authenticating and managing Linux, Unix & Mac configuration settings via AD and Group Policy– just like Windows.

A Group Policy SDK in the Era of DevOps

Fast forward a few years, and I started SDM Software with the goal of making Group Policy-based Windows configuration management a powerful capability for enterprises. One of the goals I had in those early days, was to create an “SDK” for Group Policy. Even back then, I thought that the ability to automate GPO changes could be powerful, and open up new opportunities for configuration management of Windows systems. Out of that idea, the Group Policy Automation Engine (GPAE) was born–a PowerShell SDK for reading and writing GPO settings (intially we actually supported VBScript as well!).  7 years on from GPAE’s first release, and in today’s IT world, DevOps is the new mantra for IT. DevOps is many things–process changes, behavioral changes and technology changes. But a central part of DevOps is the need for automation. Whether it’s automation of your release processes or automation of your deployment of compute resources, the need to automate every step of the process in releasing a new application is a key to developing DevOps capabilities. In that context, the ability to automate changes to Group Policy makes GPAE the “DevOps enabler for Group Policy” (or at least I like to think it does :-)) With GPAE, deployments of or changes to GPOs can be accomplished from the command line using PowerShell–and folded into your other automation processes to make elements such as security or application configuration on Windows a snap.

Announcing GPAE 4.0–the Cross Platform Windows Group Policy SDK!

Given all of this history around GPAE and QAS, you knew I was building up to something–didn’t you? Well, here it is! Today, I’m happy to announce the release of GPAE 4.0. And along with a bunch of improvements and additions to it’s capabilities in the Windows Group Policy realm, the big feature I’m most proud to announce, is that we’ve extended GPAE to be able to write Linux/Unix Group Policy security settings for users of the Authentication Services product. What does that mean? Well, we’ve added support into the GPAE to allow Dell customers of QAS to be able to read and write QAS-specific Group Policy settings using PowerShell. This is great news for Linux/Unix administrators who live and die by the command-line, as they can now manage key aspects of their Linux/Unix security configurations using QAS, Group Policy and PowerShell. No pesky Windows GUIs required (well, you still need PowerShell) :-).

What we’ve implemented in this 4.0 release, is support for two main areas within QAS–namely access control (users.allow and users.deny) and sudo (the ability to update sudoers files using GP). The following screen shot how this appears in the GP Editor natively for QAS customers.

Cross Platform Windows Group Policy SDK

Managing Linux/Unix Settings with Dell Authentication Services and Group Policy









So now, using GPAE 4.0 and QAS, you’ll be able to update users.allow, users.deny and sudo settings through PowerShell automation in addition to the power you already have in doing the same automation for Windows Group Policy settings. Voila!–GPAE delivers Group Policy as a cross-platform DevOps enabler! But seriously, regardless of the buzzwords, we think this new GPAE release enables some interesting cross-platform automation scenarios and we’re happy to have it finally see daylight.

Get It!

The next step is to check out GPAE 4.0 and let us know what you think. If you are interested in playing with it, head over to the GPAE product page and request a trial! Also, make sure you check out the blog post and video posted by Kevin Sullivan, our VP of Product Management, as he digs in a little deeper on this new capability and shows some PowerShell code.