The Upgrader's Guide to Group Policy and Active Directory

Uploaded on

Serious migration to Windows 7 is under way. By the beginning of 2012, Windows 7 will be running on more than 40 percent of PCs worldwide, according to the …

Serious migration to Windows 7 is under way. By the beginning of 2012, Windows 7 will be running on more than 40 percent of PCs worldwide, according to the
latest research. By taking advantage of advanced features and functions in Group Policy and Active Directory, IT pros can make the transition smoother,
improve the user experience, enhance security and generate significant cost savings. Here’s what you need to know to get started.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. The Upgrader’s Guide to Group Policy and Active Directory Serious migration to Windows 7 is under way. By the beginning of 2012, Windows 7 will be running on more than 40 percent of PCs worldwide, according to the latest research. By taking advantage of advanced features and functions in Group Policy and Active Directory, IT pros can make the transition smoother, improve the user experience, enhance security and generate significant cost savings. Here’s what you need to know to get started. Contents What’s Available to Upgraders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Taking the Upgrade Path Taking the Upgrade Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Brought to you compliments of: If you’re like most IT shops, you’re either in a full Windows 7 upgrade mode or about to embark on that path. According to research from Gartner, about 30 percent of organizations surveyed said they were starting migration to Windows 7 in the first half of 2011, and nearly 50 percent said they were starting in the second half of the year. The sense of urgency is becoming more intense as the days count down to the end of XP support in April 2014. As part of the migration, it’s also likely that you are considering whether to upgrade your server infrastructure as well as your client devices, either across the entire organization or for strategic applications, departments or users. For most organizations, there’s good reason to upgrade your hardware: to take advantage of the advanced functionality and features available in Windows 7 as well as the significant improvements in hardware performance, features and security that have taken place during the past three years.©2011 Dell and Intel
  • 2. Back to top Indeed, Gartner’s research shows that Windows 7 will have shipped in 94 percent of new PC systems by the close of 2011 and that more than 630 million PCs powered by Windows 7 will ship during 2011 alone. By the beginning of 2012, Windows 7 will be running on 42 percent of PCs worldwide, Gartner predicts. As more organizations move toward a full or partial Windows 7 upgrade, IT departments are facing a number of common questions and challenges related to the complicated task of manag- ing users. A recent survey by RES Software indicates that the difficulty in migrating user profiles from one operating system to the next is the toughest obstacle IT professionals face in managing their Windows 7 migration plan. One of the most crucial questions is what to do with Active Directory and Group Policy when managing desktops in the face of a Windows 7 upgrade. . Active Directory and Group Policy are two of the most important areas of any Microsoft environment, and they should be a major focus during any migration. In fact, many of the most valuable features and functions in Windows 7 and Windows Server 2008 R2 are found in Active Directory and Group Policy, so upgrading them will be critical. And while experts say some of the upgrade paths will be evident, others may not be as clear. Knowing how to take advantage of the new features and functionality in Active Directory and Group Policy can give IT departments a leg up on their migration strategies and make the transition smoother, giving IT more control over the user experience, creating a more secure environment and generating cost savings through reductions in power usage. Organizations migrating from XP environments, where Active Directory or Group Policy may not have been updated for as many as 10 years, will find these benefits particularly valuable. What’s Available to Upgraders One of the first steps in addressing the challenges of migrating users is to get a handle on some of the advances in functionality available in both Windows 7 and Windows Server 2008 R2 that will support and enhance your migration and provide you with benefits in managing your users once the migration is complete. Among some of the more important changes in Active Directory and Group Policy are: • An upgraded Group Policy Management Console (GPMS) that features new filters for Windows 7 Remote Server Administration Tools. While Active Directory RSAT tools will work with Windows Server 2003 and Windows Server 2008 domain controllers, some features — particularly the Active Directory Recycle bin — will work only with Windows Server 2008 R2. According to Jeremy Moskowitz, Microsoft Group Policy MVP, one of the advantages of the updated GPMS is the ability to use filters to define the criteria you want to use to find just the Administrative Templates Group Policy settings you want. It’s important to note that migration is not just about upgrading your client devices to Windows 7. A successful migration will also require upgrades at the server level as well, if you have not already upgraded to Windows Server 2008 R2. • Advanced management of remote devices through PowerShell, which is enhanced in Windows 7 and Windows Server 2008 R2. Administrators can now specify PowerShell scripts as either logon or logoff scripts or startup or shutdown scripts, depending upon2 ©2011 Dell and Intel
  • 3. Back to top whether they are specified for the user or the computer. To take advantage of this feature, the target machine must be Windows 7 or Windows Server 2008; older machines are not valid targets and do not run PowerShell logon, logoff, startup or shutdown scripts. An arti- cle in Microsoft’s TechNet Magazine notes that the single most important skill a Windows administrator will need in the coming years is proficiency with Windows PowerShell. Since PowerShell Version 2 is enabled by default in Windows 7 and Windows Server 2008 R2, the article recommends that IT administrators plan on installing PowerShell V2 on all of their remaining servers and desktops so they can use one script technology to manage the entire fleet. • Stronger security features that enable administrators to create and use Starter Group Policy Objects with a more locked-down approach when appropriate. Firewalls can be configured by Group Policy, and the firewall in Windows 7 is far more flexible and robust than the one in XP. AppLocker and BitLocker are important features that enable IT administrators to restrict applications and manage security on desktops, and both of these functions can be managed through Group Policy. AppLocker helps reduce administrative overhead, making it easier for IT to control how users can access files, including the assignment of rules for groups or individuals and the creation of exceptions to rules. BitLocker has been enhanced on Windows 7 with BitLocker To Go, which provides encryption to portable storage devices such as USB drives and external hard drives. • IT management control has been bolstered with the addition of approximately 300 new policy settings for Windows 7 and Windows Server 2008 R2. Among these are new Group Policy settings for powering desktops and laptops, which can save organizations thousands of dollars a year, according to Microsoft. Active Directory in Windows Server 2008 R2 now also allows granular auditing, which reduces the volume of security logs and enables the use of read-only domain controllers for security in branch offices. The features mentioned above are representative of the additional functionality available in Windows 7 and Windows Servicer 2008 R2, but they are really just a starting point. As you go through the process of migrating and upgrading your clients and/or your servers, you will want to work closely with your technology partners to understand what Group Policy and Active Directory features will be most useful for your particular environment. Taking the Upgrade Path In order to take advantage of many of the new features and functions available in Windows 7 and Windows Server 2008 R2, IT will often be required to make changes in their Active Directory environments. If you are upgrading from XP to Windows 7, as are most IT organizations, it’s important to note that Group Policy Preferences are built in to Windows 7. For many organizations, Group Policy and Active Directory haven’t really been addressed for many years. But with the migration to Windows 7 and the advanced functionality now available, it is a compelling opportunity to upgrade, adjust and enhance the security, control and manage- ment of your client infrastructure. Another important consideration when taking the migration path is the hardware upgrade, both at the server and client levels, particularly if your hardware is more than three years old. While3 ©2011 Dell and Intel
  • 4. Back to top the advanced features and functionality available in the latest versions of Group Policy and Active Directory alone don’t provide enough reason to change your hardware, they are part of an overall roadmap for improving performance, security, productivity, scalability, compatibility and ROI. On the client side, Dell desktops and laptops built on second-generation Intel Core and Core vPro processors enable organizations to run business productivity applications up to 60 percent faster when compared with three-year-old systems, while delivering superior graphics, encryption capabilities and performance for multitasking functionality. In addition, upgrading your hardware while migrating your software can ease compatibility issues, ensure that you have the proper drivers in place and provide users with immediate and perceptible improvements in performance and productivity. Windows 7 will require more memory and performance than your existing platforms, particularly if you are migrating from XP, so the sooner you upgrade your clients, the sooner you will be able to take advantage of all of the features of Windows 7, including those available in Group Policy and Active Directory. At the server level, as previously noted, there are many advances in Group Policy and Active Directory as organizations move from Windows Server 2003 to Windows Server 2008 R2, including more effective management of remote devices, improved security and greater overall management control over client devices. In addition, organizations looking to Windows Server 2008 R2 as an upgrade path toward a more highly virtualized infrastructure will reap a number of benefits when upgrading their server infrastructure with new Dell servers powered by Intel Core and Core vPro processors, including improved performance and server optimization, reduced power consumption and the ability to achieve ROI in a highly condensed time frame. Conclusion For most IT organizations, here’s the reality: Migration to Windows 7 is inevitable. Support for XP will be ending in 2014, and since most organizations passed on the Vista upgrade, they will have to move to Windows 7, which is a good thing. Why? Because Windows 7 brings a lot of advanced features and functionality to the organization; it will enhance performance, security and business agility; and all of the early reviews of Windows 7 indicate it is the real deal — robust, reliable and secure. If an upgrade to Windows 7 is inevitable, you’ll also need to invest the time, energy and resources into upgrading Active Directory and Group Policy. As already noted, there are a number of features available in Active Directory and Group Policy that will make your client and server infrastructures more secure, more manageable and less expensive to manage and maintain. Using Active Direc- tory and Group Policy strategically will also help in your migration and ease some of the user management issues that are already causing sleepless nights for many IT professionals. The final piece of the puzzle is determining whether your server and client hardware infrastruc- ture should be upgraded as well. The reality is that new operating systems work best on new hardware, and if your hardware is three or more years old, then you aren’t taking advantage of the state-of-the-art performance, security and scalability features available in today’s Dell servers and clients powered by Intel processors. Migration is no doubt a challenge for IT orga- nizations. But doing the job successfully will not only enhance your competitive advantage and increase business opportunities; it will also give you peace of mind.4 ©2011 Dell and Intel
  • 5. Back to top Upgrading Active Directory: One User’s Story So what steps are involved in upgrading Active Directory for Windows 7 and Windows 2008 R2? Here is the experience of one IT professional who wanted to take advantage of the new Active Directory Domain Services available with Windows 2008 R2. Since the organization was migrating to Windows 7 Enterprise, migration to Active Directory for Windows 2008 R2 was undoubtedly the upgrade path, according to Amol Bagayatkar, who wrote a blog post about his experience and outlined some of the steps involved as follows: 1. A few days prior to installing the new domain controller, executed ADPREP to prepare the Active Directory for the upgrade. 2. Installed a new Windows 2008 R2 with SP1 on a Dell server. 3. Added the new server to the existing domain as a member server. 4. Installed Active Directory Domain Services Role. 5. Executed cdpromo to start the Active Directory Domain Services Installation Wizard. 6. Selected Advanced Mode and selected the appropriate options on the next screens. 7. The Advanced Mode allows [administrator] to select DNS and Global Catalog instal- lation options. Selected both options. The setup dialog allows [administrator] to select DC from where it can replicate data. Selected the appropriate DC. Selected the appropriate drives to save sysvol, database and log files. 8. Set the recovery mode password and done. 9. The setup completed successfully and the new DC was ready after reboot.5 ©2011 Dell and Intel