Friday, June 10, 2011

Group Policy vs Scripting. Version 2011

I know I repeat myself quite a bit.  My kids tell me that.  My wife tells me.  My dog tells me as well.  That’s ok.  Sometimes things need repeating.

I’ve worked with scripting and programming, in various languages and on various platforms, for about 22 years now.  I still do a lot of scripting and code development for servers, desktops, web applications, infrastructure, and just for the hell of it.  Ok, at times it’s a lot of for-the-hell-of-it, but that’s ok, since I have no life whatsoever it makes me forget that while I curse and swear at my screen.

So why does it freak out my colleagues when I respond to most questions involving automation with “have you looked at using Group Policy?” ?  Or when someone says “I need to push out this registry/file/shortcut/scheduled task/drive mapping/printer mapping/environment variable (or whatever) to 50,000 computers by tomorrow!” and I say “Group Policy Preferences” and slurp the bottom of my cup through the straw loudly without blinking.

Yes.  Group Policy, and the newer Group Policy Preferences extensions, are better, easier and quicker to use for solving most sys-admin problems than scripting.  There are exceptions of course (hey, EVERY rule has exceptions), but they are rare.  To sum it up in the simplest “general rule”:

- If you need deploy or push a configuration change “outward”, use GPO or GPP

- If you need to collect something or some things from desktops and servers, use scripting (or System Center Configuration Manager 2007)

Does that make sense?  Again: this is a general rule, and it applies mostly to environments with Windows Vista or Windows 7 and Windows Server 2008 or 2008 R2.  However, there are extensions for GPP to run on Windows XP and Windows Server 2003 (eeew!).  I say “mostly” because even though GPP is applicable to XP/2003 and newer versions, there are hundreds of base-level Group Policy Object settings which are only applicable to Vista/2008 and newer versions.  Since nothing works in a vacuum, it really takes a comprehensive approach to judiciously leverage GPO settings with GPP to accomplish real automation results.

So, whenever you are facing a task involving the deployment of a configuration change to your environment, always, ALWAYS, consider Group Policy and Group Policy Preferences FIRST.

Post a Comment