Group Policy – Scaling without Increasing Cost

It’s no secret that when a company grows, costs rise. One simple reason might be payroll. Another might be the need for more space or additional resources. In the Microsoft suite of tools there is something called Group Policy (GPO). Simply put, this is the ability to impose security and workflow disciplines in an environment. This can be done on both a machine and user basis, and can also be grouped. Here are a few examples:

Rerouting ‘My Documents’ to a Server: At the end of the day, if a PC crashes or a laptop is stolen, what happens to the documents on it? If they were not rerouted to the server, you had better hope they were backed up, although this is often not the case. This tends to result in some angst and anxiety as folks grapple with data loss or, worse yet, possible exposure of confidential company and customer data. Had ‘My Documents’ been rerouted to the server, no such exposure would have resulted.

Mapping a Share: This can be done on individual or global levels. It means that you can maintain uniformity in your outfit, so that “Drive K” on one computer actually refers to “Drive K” on anyone else’s computer that has permissions to this share. Additionally, you can have folks that can “view only” separate from those that can “Edit, Create or Delete”. The name of the game here is to give permissions as required, but not excessively as that creates exposures.

Assigning or Replacing a Printer: Say 50 people are individually mapped to an “All In One” machine that performs copying, printing and faxing. But alas, it’s at “End of Life” and they gave you a smoking deal on a new one that does twice as much in half the time! You have two choices here. You can visit 50 desktops or you can push out the new machine with a few clicks and voila, everyone has it nearly instantly.

Preventing Unauthorized USB Devices: These USB drives are great. But when you are trying to maintain internal security and keep folks from taking confidential data offsite, they are among the greatest of liabilities. You can lock it down so that no USB mass storage devices are allowed, perhaps except for a few authorized individuals. Again, it’s not about looking for bad behavior, it’s about protecting the mother ship.

Forcing Password Changes: We see more Post-It notes with passwords on them than you can imagine. Moreover, these passwords are rarely changed. They should be changed either every three to six months or when a security breach is encountered, especially if you have systems that are accessible remotely. Group Policy makes this automatic.

Forcing New Devices to Have Anti-virus Software before Allowing Network Access: We love this one, as folks tend to accidentally bring in infected devices, including Macs, which sometimes are not affected but are quite effective as ‘carriers’. Regardless, we have the ability to ‘force’ compliance to ensure that new devices requesting access to your network are compliant before they are allowed to touch any data.

Distributing New Application Versions: A new version of a client/server application is released, but now comes the laborious task of loading it on 30 PCs or so. Never fear. If there is an install package, often referred to as an MSI (Microsoft Installer) package, it likely can be distributed automatically.
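To check that a policy really enforces the password rotation described under ‘Forcing Password Changes’, the sketch below (an added example, not from the original post) audits the password expiry value in a GPO security template. It assumes the template is a GptTmpl.inf file with a [System Access] section, treats "three to six months" as 90 to 183 days, and uses a constructed sample template.

```python
import configparser

# Constructed sample of a GPO security template (GptTmpl.inf); values are illustrative.
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = -1
MinimumPasswordLength = 8
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumption: the article's "every three to six months" expressed as 90 to 183 days.
MIN_DAYS, MAX_DAYS = 90, 183


def max_password_age(template_text):
    """Return MaximumPasswordAge in days, or None if the template does not define it."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key names exactly as written in the template
    parser.read_string(template_text)
    if not parser.has_option("System Access", "MaximumPasswordAge"):
        return None
    return int(parser.get("System Access", "MaximumPasswordAge").strip())


def audit_password_age(template_text):
    """Classify the template's password expiry setting against the article's window."""
    days = max_password_age(template_text)
    if days is None:
        return "not-defined"        # this GPO leaves expiry to some other policy
    if days <= 0:
        return "never-expires"      # -1 in a template means passwords never expire
    if days < MIN_DAYS:
        return "shorter-than-window"
    if days > MAX_DAYS:
        return "longer-than-window"
    return "within-window"


if __name__ == "__main__":
    print(audit_password_age(SAMPLE_TEMPLATE))
```

Template files copied from SYSVOL are typically UTF-16 encoded, so decode them to text before passing them to `audit_password_age`.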

At the end of the day, there’s a reason you’re on a Microsoft Network. What is key is to leverage that functionality so it earns its keep – like the rest of us!

Ed
