I sat in on a Microsoft webcast presentation of the upcoming release of Group Policy Preferences, which I blogged about earlier. This is the old DesktopStandard PolicyMaker stuff for extending Group Policy to do much more than it does today. While I used to work with the DesktopStandard folks and had seen PolicyMaker up close, it was interesting to hear about how Microsoft plans to make this available, and what has changed. The biggest piece of news for me is that you don’t have to have a Server 2008 license to use this stuff in XP and Server 2003. Essentially what you’ll need is the Client Side Extension install for your XP or Vista clients, and then the RSAT administrative tools pak for administering the new Preferences. RSAT willl add the snapins to the GP Editor (and presumably also make some extensions to GPMC) to allow you to view and edit those new Preferences settings. Cool.
The other thing that remains intact for Preferences, from the old PolicyMaker product, is the ability to do per-setting targeting. What does this mean? Well imagine being able to, within a single GPO, have 60 settings that are each targeted based on criteria ranging from IP address of client to hardware configuration, to security group membership, to whether its a laptop or desktop machine, and on and on. Can you say "power and complexity"? This is a very powerful feature but I can also quickly see how it can be abused to no good end. This is especially true as it does not appear that the RSOP reporting in GPMC will support evaluating of these targeting criteria. That means that if you are using these fine-grained targeting methods, you won’t be able to see if a given user or computer is receiving a policy setting because of them. That will be interesting and challenging!
The other thing of note is that the Outlook profile and MS Office settings that were part of the original PolicyMaker product will not ship when Group Policy Preferences do, but at some later time, due to apparent legal restrictions related to shipping Office components with the OS!
In any case, it continues to be lots of good news for being able to better manage your desktops and servers using GP going forward. Frankly, if you haven’t already planned on how and when you will roll out support for Preferences to your existing desktops, I would seriously consider it now. These will be out of band additions for some time to come but you might as well take advantage of the capabilities that this thing brings as soon as possible.