Group Policy Alternatives: Part 2

In the last article I discussed some of the reasons that Group Policy, a configuration solution that was perfect for organizations with a single OS desk bound fleet of computers in the early 2000s may not be the best solution for an organization with a heterogeneous OS mobile fleet of computers in the mid 20-teens.

So what are the alternatives to using group policy for client configuration management if you do have a group of mobile computers running a variety of operating systems?

In terms of device configuration management, System Center Configuration Manager can manage the configuration of clients on premises and also includes internet based client management functionality that allows management of clients on the internet. Windows Intune, which can be used separately or integrated with Configuration Manager, can also be used to perform client configuration management.

While neither product offers all of the options for client configuration that group policy does, both solutions allow management of clients that are not joined to a domain and which may be running operating systems other than Windows. However that may change as the functionality, especially of Intune, is evolving at a rapid rate. (Sure to catch up with group policy it will need to keep going for some time, but given the speed at which group policy is moving …)

Desired State Configuration may also be something to watch out for in the middle-distant future. DSC is a somewhat PowerShell based tool that still in its early stages. At the moment it is primary a tool for managing the configuration of servers. While it hasn’t really been extended into the space of managing the configuration of clients, it is not entirely impossible that this functionality might one day evolve to the point of being a useful and reliable client configuration management tool. This is all speculation on my part, but it seems that as we move towards the DevOpsy mantra of “configuration as code” – this mantra would seem to be likely to (enough qualifiers yet?) naturally percolate down to “configuration of client computers as code”.

In the third party realm there are tools like PolicyPak Cloud (www.policypak.com) which you can use to manage domain joined, non-domain joined, and remote computers using the majority of the settings available in group policy (including admin templates, preferences, security settings, and application settings). I’ll be covering PolicyPak  at some point in the future, but you can get an idea of how it all works by consulting the following web page: http://www.policypak.com/products/policypak-suite-cloud-edition.html

For organizations moving away from managing Windows XP computers using group policy hosted of servers running Windows Server 2003, the evolving dynamic workplace computing environment will be a very interesting place.