For my first post of the new year, I thought I’d go big and talk about some existential questions facing Windows configuration management. First, whither Group Policy? Second, how do we think about all this here at SDM Software–as we consider ourselves more than just a “Group Policy solutions company”?
With the provocative title to this blog posting, I’m wading into an occasional and sometimes panicked question I get from IT administrators. Back in 2011, I wrote an article for Windows IT Pro Magazine entitled, “What’s Wrong with Group Policy?”. This article focused on 5 key areas that I thought Microsoft needed to do a better job at, within Group Policy. But, as we approach the end of the 15th year of GP’s existence most of those items have not changed. In fact, one could argue that in certain areas, such as bug fixing of existing problems as new Windows releases have come out, things have gotten worse!
Whether it’s frustration over long unfixed GP bugs, or the lack of GP support in newer versions of the operating system, IT administrators often ask, “Is Group Policy Dead?” as far as Microsoft is concerned. And lest you think it’s only IT administrators who harbor these existential fears, know that I and my fellow Group Policy MVPs often ask this question as well. And while I don’t think Microsoft has done an “awesome” job of communicating it, they have more recently clarified the role of Group Policy in the Windows universe, and have done so publicly, if not obviously.
Group Policy’s Lot in Life
Time and time again in the past few months, I’ve seen public presentations, at conferences and presentations by Microsoft folks that post Powerpoint slides that call out Group Policy in the pantheon of configuration management tools that Windows administrators have at their disposal. Specifically they reference GP as still being the go-to tool for configuration management of on-premises, domain-joined Windows systems. In the same way, they call out other technologies like Microsoft Intune, as the choice for those client (i.e. not server) systems that are not in the domain, not on the corporate network and/or not Windows. And they talk about Desired State Configuration for managing configuration on server-based systems (on premises or in the cloud).
Now, that may or may not be a great story for you to hear if you don’t want multiple tools to manage configuration of your endpoints, but it IS the story, at least today. To be clear, Microsoft still seems firmly committed to Group Policy as a technology that, while not being radically enhanced, will still be extended through various mechanisms such as Administrative Templates. This was evidenced in the recent Windows 10 November Update, which I blogged about recently. So if your Windows servers and desktops continue to be AD domain-joined and on the corporate network, Group Policy is still the technology for you to manage configuration across those systems.
Changes in the Winds?
So, all of the above begs the question–will things ever change for GP? Well, frankly, you and I will decide that! And we’ll decide it because more and more of our client and server workloads will either move away from their tight coupling to on-premises AD–as I postulated over a year ago in a blog posting here–or because we find other ways to manage system and application configurations for our increasingly disparate device and application landscapes (e.g. iOS, Android, Windows, Linux, etc.). Whether it’s for workloads running in our data centers or in Infrastructure as a Service (IaaS) offerings such as Amazon AWS and Microsoft Azure, we all need configuration management technologies and tools that allow us to flexibly configure, target, secure and deploy applications to an increasing variety of endpoints. And let’s face it folks–Group Policy is not going to help with a lot of those future scenarios. So, there is definitely change coming. Microsoft has recognized this trend and as I mentioned above, has answered with technologies like Microsoft Intune for the client and Desired State Configuration for servers.
SDM Software and Configuration
As we start a new year, we here at SDM always take time to reflect on where we’ve been and where we’re headed. 2015 was a banner year for SDM, in both financial and non-financial ways. We brought Kevin Sullivan, our VP of Product Management & Business Development, on board in July. Kevin has brought many things to SDM, but one of the areas that I’m very excited about is the educational webinars he kicked off late last year, around GP and DSC. We plan to continue this trend in 2016, to help you, our customers, both improve your knowledge around Group Policy and Desired State Configuration, as well help you make good decisions about when to use each technology in the future.
Both myself and Kevin have blogged frequently over the past year, about the advent of Desired State Configuration technology within PowerShell. DSC has the advantage of being agnostic of domain membership, infinitely extensible and ultimately, cross-platform and it’s a technology we’re very excited about here at SDM. And while DSC and GP are complimentary technologies today and for the forseeable future, we’ve already started to make some tentative steps towards helping you transition from GP to DSC easier for certain configuration scenarios (See my script for converting ADMX-based GPO registry settings to DSC documents and our DSC Client Side Extension for Group Policy).
What you will see from us this year is continued innovation around Group Policy, but also a new focus on solutions to help you make the transition to, and be more productive with, DSC. In the coming months, look for some cool new solutions to help you better manage configuration across your Windows infrastructure. We’ll also continue to release free tools to help you make transition to DSC where it makes sense, to better configure your Windows servers.
We’ve also made subtle changes in the way we talk about what we do here at SDM Software–we are no longer just “Group Policy Experts”–but rather “Configuration Experts”. It’s a small but significant change, which underscores that we view our strengths in helping you better manage, report on and audit configuration across your Windows systems, regardless of the technology you plan to use.
We look forward to showing you all that we have planned for this year! Here’s to a highly configurable 2016!