Group Policy Management Tools

Before we get much further into the chapter, it’s important to introduce some alternative management tools that will be used throughout the remainder of the book to administer GP.

Although the Group Policy Object Editor you access from within Active Directory Users and Computers is sufficient for managing a small- to medium-size deployment with a few GPOs, it is woefully inadequate at managing a large-scale GP deployment in a bigger organization. To answer this need, Microsoft created the Group Policy Management Console (GPMC) and released it just after Windows Server 2003 was released to manufacturing—this is why the GPMC isn’t included on the Windows Server 2003 distribution CD, at least at the time of this writing. (More about this tool is coming up in the next section.) Also, several third-party tools are available to assist you in managing GPOs, their scope and effect, and their application, including the following.


FAZAM tracks changes to GPOs, provides version control for GPOs, allows new or changed GPOs to move into production only after being tested and approved, eliminates the risk of making changes to a live production environment, handles multiple users making simultaneous changes, and enhances GPO administration delegation. However, there are reports that this tool does not work well with Windows 2000 and is fully functional only on Windows Server 2003. FAZAM is available at

NetIQ Group ...

Get Learning Windows Server 2003 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.