Windows Management with MDOP

Previously in this blog, I’ve described how Microsoft® Application Virtualization (App-V) and Microsoft Enterprise Desktop Virtualization (MED-V) can not only help streamline the deployment of the Windows® 7 operating system but also help simplify the maintenance of the desktop environment after deployment. These are definitely big products, and they offer a huge potential to save you time and money. These are also the products that first pop in to many people’s minds when they think about the Microsoft Desktop Optimization Pack (MDOP).

MDOP is more than just App-V and MED-V, however. Advanced Group Policy Management (AGPM) and the Diagnostics and Recovery Toolset (DaRT)—also part of MDOP—are no slouches. In fact, considering how little time and effort it takes to deploy both of these products, and how easy they are to use, they offer a pretty big bang for the buck. Put another way: Their return on investment is huge.

Advanced Group Policy Management

In terms of the Windows 7 deployment lifecycle, AGPM fits neatly into the maintenance phase—or Operate phase, in Microsoft Operations Framework parlance—of the deployment project. Most likely, you’ll be working with Group Policy after deploying Windows 7. Why not use the opportunity to take control of your organization’s GPOs by using AGPM?

All IT pros are aware of Group Policy, but if you’re moving from Windows XP to Windows 7, you might not know how far along it’s come and how great a tool it can be for managing your environment. By using Group Policy, you can define settings for Windows to enforce. For example, you can configure and deploy power-management settings to the computers in your organization, preventing users from changing those settings. Of course, most IT pros think of security settings when they think of Group Policy, and Group Policy certainly gives you a lot of flexibility and control of those settings, too.

Group Policy isn’t just a terrific way to enforce configurations, though. Because it enables you to configure user and computer settings automatically, it’s also a great way to get closer to the dream of replaceable PCs. Group Policy preferences bring you even closer to that dream, letting you manage settings, files, printers, and much more. You can even choose whether to enforce those settings or allow users to change them after you’ve configured them (hence the name preferences).

On its own, Group Policy is an excellent infrastructure for managing your environment, but Group Policy doesn’t provide many features for managing itself. It doesn’t provide a role-based workflow. That is, Group Policy doesn’t have a formal, built-in edit, review, approval, and deployment process.

AGPM adds the missing role-based delegation to Group Policy. You can delegate reviewer, editor, and approver roles per domain or per GPO. Additionally, AGPM gives you a workflow to manage the creation, editing, and deployment of GPOs in production. You can even edit and test GPOs offline, in a test lab, then easily move those GPOs into production and deploy them. Of course, AGPM provides version control for GPOs. Not only does version control let you audit changes, it also lets you quickly roll back changes that fail in production.

Diagnostics and Recovery Toolset

DaRT fits as well in the deployment phase as it does in the maintenance phase of a Windows 7 deployment project. Throughout the development of Windows 7, Microsoft focused closely on the fundamentals. As a result, Windows 7 is a very stable and reliable operating system, but even the most stable operating systems have issues from time to time. During deployment, you can use DaRT to troubleshoot computers that won’t start. After deployment, you can use DaRT for additional troubleshooting, as necessary.

DaRT is very easy to set up. It doesn’t even leave a footprint on your infrastructure. You install DaRT on your desktop computer, create boot media, then use that boot media to start computers that you’re troubleshooting. For example, if a computer fails to start because of a faulty device driver, you can start the computer with DaRT (leaving the installed Windows operating system offline), use the Crash Analyzer tool to find the faulty device driver, and use Computer Management to disable the device driver. Then, you can start the installed Windows operating system on the computer.

And troubleshooting computers that fail to start isn’t DaRT’s only capability. DaRt includes a number of tools that are useful when you want to work offline. For example, you can use DaRT to scan a computer for malware, recover deleted files, or disable unwanted services. Suppose a user has forgotten the password for a local account. You can use DaRT to reset that password.

Getting started with both AGPM and DaRT is simple. In fact, I encourage you to give both a try in a test environment. You can easily evaluate both products by using virtual machines. Existing MDOP customers can download AGPM and DaRT as part of MDOP at the Volume Licensing Service Center (VLSC), MSDN®, and TechNet. You could be up and running with each in under an hour.