The first comment I got on my blog was from Niall Brady on Twitter - who runs windows-noob.com - suggesting to explain what SOE and GPO's are, and although its not as fun as documenting technical solutions, he does have a good point, lets start with the basics.
Lets first start with defining SOE. SOE stands for Standard Operating Environment and as it is very well explained on Wikipedia, this refers to "a standard implemantation of an Operating System and its associated Software".
Basically, in my own words, it is a concept in which a standard is established to ensure that a given class of devices (Desktop, Servers, Laptops, Mobiles, Virtual Desktops, ... ) get the same standardized configuration of their respective Operating System and basic components ( i.e.: Flash player, Adobe Reader, Email client, Web Browsers, Office, ... ). Depending on the thickness of the SOE many or fewer basic components are included in the SOE image.
Now, lets talk a bit about GPO's, GPO stands for Group Policy Objects and those are used to configure and enforce given settings (aka. policies) in the Operating Systems and applications.
Policies can be enforced locally for devices that are in Workgroup in which case Local GPOs are used; or centrally for devices that belong to a domain in which case we simply refer to them as GPOs.
By enforced we understand that a user is not able to modify the setting put in place by the GPO and even when using work arounds - like modifying the registry - those settings are re-applied on the next GPO refresh cycle or when the device is restarted.
With Windows Vista/Server 2008 Microsoft also introduced Group Policy Preferences which gives the flexibility to set prefered settings but give the users the option to change those to their liking.
By using SOEs and GPOs in a domain environment devices can be administered centrally, The user experience and company policies can be set and globalized.
In a Workgroup environment they can be used to harden the security of a pool of computers or simply set a standard however those devices cannot not be centrally managed.
Microsoft has also developped a number of tools that helps implement the concept of SOE's on large scales such as MDT (MS Deployment Toolkit) to capture and deploy Standard Images of a given Operating System; SCCM and the whole System Center suite which includes the same functionalities as MDT with many added features such as Software and Patch deployment and administration, reporting, ... Other vendors are also providing platform administration solutions BMC, Altiris, Landesk, ...
Well, that's it for today, I hope you enjoy the article and I look forwards to getting some comments !
No comments:
Post a Comment