Most “systems management” utilities do a great job at delivering applications themselves. But, ask yourself if your systems management software does a great job at: Delivering applications’ settings (not just the application). Graying / removing the UI to prevent users working around settings. Performing true lock-down on those settings (registry and files). Auto-remediating the applications […]
Category: Support & Sharing
I use a “Group Policy Change Management tool” (like Microsoft AGPM, NetIQ GPA, or Quest GPOadmin).
AGPM, GPA and GPOadmin are great utilities to handle the workflow around Group Policy management. That means you can manage multiple administrators when they all try to work at the same time. But, to be super clear, these kinds of tools don’t add any “super powers” to your Group Policy infrastructure. You don’t suddenly get […]
I use a User Environment Management (UEM) or other “Roaming Profile” tool like fsLogix Profile Containers.
User Environment Management tools do a great job at two things: They make logging on faster because user’s whole roaming profiles aren’t downloaded all at once and They trap users’ changes so they can cleanly roam from machine to machine (VDI to real, desktop to laptop, etc.) and keep the settings that users have changed […]
I use “pooled” or “non-persistent VDI”, so when people reboot all settings go away. I also use “VDI Personal Disks” (e.g.: Citrix Personal vDisk, VMware Persona, or Microsoft VDI “Personal Profiles”).
Actually, with VDI (of any flavor) you need PolicyPak even more. Let’s break this down into three things for VDI administrators to think about: You want to make a setting change to the image itself Every time you want to make a change with VDI, you have to take your image offline (usually) modify the […]
I subscribe to MDOP (Microsoft Desktop Optimization Pak).
Microsoft MDOP’s suite of tools has six components. PolicyPak actually doesn’t “complete” or overlap with any of them. Some people have said the PolicyPak is “the missing MDOP tool.” So much so, that PolicyPak opens up a huge variety of new scenarios when used in conjunction with Microsoft’s MDOP suite as follows: Microsoft AGPM (Advanced […]
Read More… from I subscribe to MDOP (Microsoft Desktop Optimization Pak).
I use Deep-Freeze or other “Reboot to Recover” products.
Disk restoration solutions such as Deep Freeze are great solutions to a wide range of problems which can regularly occur on networks, like user modifications and deletions, desktop and config changes, registry hacks, or other security risks – even viruses and malware. Just hit restore, and the problem disappears as the previous state of the […]
Read More… from I use Deep-Freeze or other “Reboot to Recover” products.
I use an application whitelisting solution (like AppLocker, BeyondTrust Privilege Manager, Bit9, Viewfinity Application Control, Faronics Anti-Executable).
Whitelist solutions and PolicyPak don’t try to accomplish the same goal. Let’s understand the goals: Whitelist solutions will stop applications from running AT ALL on your Windows 7 and later machines. This is great if you want to prevent the your users from running unsupported applications or prevent your users from running applications from the […]
I use another “least privilege” user management tool (i.e.: BeyondTrust PowerBroker, Avecto Privilege Guard, Viewfinity Privilege Management or Quest Privilege Authority).
PolicyPak has its own component: PolicyPak Least Privilege Manager. And our customers love it. But if you’re already invested in another least privilege tool, and don’t wish to retire it, then, that’s fine. PolicyPak’s other components will work alongside it. […]
