Yes, it’s a challenge to manage a number of computers. No, there’s no magic wand yet that you can wave over a machine – or a whole network – to make configuration changes. But yes – there are alternatives to the group policy management approach.
Group policy is one way of managing user access across many machines on the same network. According to Microsoft’s “Group Policy for Beginners,” group policy is the way most IT managers maintain settings on multiple devices connected to their networks. Group policy utilizes collections of settings called group policy objects that enforce configurations for the user accounts and devices under their control.
Although GPOs can be organized to manage settings for both small and large networks, group policy has a few notable disadvantages. Especially for larger networks, organizing a large number of GPOs can become cumbersome, according to a WindowsNetworking article. Group policy can become a complicated web of OUs, users and devices, and, even in simpler environments, it can be difficult to identify which sets of policies apply to which device.
The issue is made more complex by the fact that there isn’t a one-size fits all GPO solution. What may work on one network might not work on another, and configuration mistakes can cause group policy to be ineffective or not work at all. Group policy is certainly a viable solution, but it isn’t the only way network managers can control user activity.
Usage Monitoring
Monitoring software provides a good starting point for managing behavior. Monitoring solutions come with a wide range of functions. Some provide simple functionality such as detailing which applications and webpages are being opened. Other solutions combine with management tools to provide network managers with remote access to individual devices. Usage monitoring is a good supplement to group policy, but, if you’re still concerned about security, you’re right! IT managers still need a way to protect their devices from configuration changes and malware downloads.
Deep Freeze: An Option to Protect Configuration Settings
One of the other drawbacks to relying on GPOs is their restrictiveness. For example, what if you want to lighten the restrictions for one machine temporarily? Using group policy, you would have to find and alter the GPO that controls what you want to change for that machine. Having to go through that process with multiple machines could create a headache.
Deep Freeze offers a flexibility advantage by solidifying configuration settings in a saved state. Users can download and change computer settings as much as they like, and Deep Freeze will return the device to its predefined settings on reboot. There’ll be less fallout from altered configuration settings and unauthorized programs ending up on the system because potentially harmful programs won’t be there when you restart the computer.