Desktop Management tools and features available for managing Windows XP Professional based clients differ depending upon whether the Windows XP Professional desktop operates exclusively in an Active Directory environment or in other network environments. IntelliMirror management technologies rely on Group Policy and most also require Active Directory; both are available in Windows 2000 Server environments. Group Policy requires Active Directory.
In an environment without Active Directory, you can use a variety of tools, such as Systems Management Server (SMS) for managing software distribution, the Internet Explorer Administration Kit for managing Internet Explorer settings, and System Policy for managing registry-based settings. In addition, each local computer has its own local Group Policy object (LGPO), regardless of whether it participates in a domain. While it is possible to set a variety of settings by using the LGPO, note that System Policy scales more easily to a large number of clients. The LGPO can be useful if you only need to apply certain settings to a small number of Windows XP Professional based clients in a Windows NT 4.0 or other domain.
Group Policy refers to policy that relies on a hierarchical targeting mechanism based on Active Directory. Group Policy does not include the Local Group Policy object (LGPO), which is specific to each individual computer rather than to objects in Active Directory. Because LGPOs cannot be managed through Active Directory, they must instead be managed on each computer.
For Windows XP Professional desktops operating in other environments, such as Microsoft Windows NT version 4.0, Unix, or Novell, or in a mixed environment, many desktop management capabilities and tools differ. Table 5-1 summarizes the differences in desktop management tools and functionality between Active Directory and non Active Directory environments.
Management Task | Active Directory | Non Active Directory |
---|---|---|
Configure registry-based settings for computers and users. | Administrative Templates deployed using Group Policy. Administrative templates deployed using local Group Policy object (LGPO). | System Policy LGPO |
Manage local, domain, and network security. | Security Settings deployed using Group Policy. Security Settings deployed using the LGPO. | LGPO |
Centrally install, update, and remove software. | Systems Management Server (SMS). Group Policy based software distribution. | SMS |
Manage Internet Explorer configuration settings after deployment. | Internet Explorer Maintenance in the Group Policy MMC snap-in. Internet Explorer Maintenance deployed using the LGPO. Internet Explorer Administration Kit (IEAK). | LGPO IEAK |
Apply scripts during user logon/logoff and computer startup/shutdown. | Logon/logoff and startup/shutdown scripts can be centrally configured using Group Policy or independently through the LGPO. | LGPO |
Centrally manage users folders and files on the network. | Folder Redirection in conjunction with Offline Files and Folders. | System Policy Manipulation of registry settings |
Centrally manage user settings on the network. | Roaming User Profiles. | Roaming User Profiles (for Windows domains) |
You can also manage Windows XP Professional desktops on Unix and Novell networks by using standards-based protocols such as TCP/IP, Simple Network Management Protocol (SNMP), Telnet, and Internetwork Packet Exchange (IPX). To enable policy-based administration on Unix and Novell networks, use a local Group Policy object or System Policy.