Page 1: How IT Geeks Can Show Value(GPanswers and PolicyPak)

For more information on any of our classes, please call 302-351-8408, or visit us online at

How IT Geeks Can Show Real

Value in any Economy

By Jeremy Moskowitz &

Page 2: How IT Geeks Can Show Value(GPanswers and PolicyPak)


For more information on any of our classes, please call 302-351-8408, or visit us online at

You simply can’t miss it. If you’re here in the US, or living in another country, the current US economic downturn has everyone from the CEO to the guy next to you in the cafeteria line saying that “the sky is falling.” If you hear this enough times, it can sink in and start to make a normally secure person start to feel insecure. This can be a worrisome time for IT geeks. Will you be keeping your job? Should you start looking for a new job? One article from CIO magazine entitled "Is it a good idea to change jobs during a recession?" by Meridith Levinson might be helpful for you. You can find the link at Whether you change jobs or stay put one thing is certain. You’ll still need to perform. And, you'll need to add and demonstrate increased value whenever possible. An economic downturn means that we all have to show our strongest assets right now and demonstrate that we can grow quickly to fill any gaps left by others whether they leave the company due to greener pastures, or due to downsizing. Put yourself in your managers' shoes for a moment. Aren't they just trying to do what's best for the company? They simply want to ensure that they're doing all they can to save time and money where possible, and to help maximize their current investments in technology and in what you bring to the table. Whether this is day one at a new job or day one thousand, you’ll need to add value and continually show that you’re making progress where things really matter. Show the boss that you're actively contributing to savings on the bottom line, and you'll be remembered the next time things start looking up. In times of economic downturn, managers aren’t likely to start up entirely new projects, kick-off stopped or stalled projects, or dabble with untested technologies. That’s good news for you, because recently one technology has really come alive with renewed superpowers: Group Policy. Think about it: Group Policy is something your organization is already using. You won’t have to spend a dime to “spin it up,” get any extra, specialized servers up and running, or roll it out to your client computers. You’re already using it.

Some people reading this short paper might be rolling their eyes and thinking “I’m NOT using Group Policy.” But indeed you are. All Active Directory environments ship with two built in Group Policy Objects that control important items like password length and strength and a host of other domain-defining essential characteristics. The rest of you know the power that Group Policy can bring: dictating look and feel settings for the desktop, ensuring that security settings stay set, and keeping data safe. But I challenge everyone to ask themselves an important question: “Am I maximizing my use of this free technology I already have?” Only a handful of people can definitively say “Yes.”

Page 3: How IT Geeks Can Show Value(GPanswers and PolicyPak)


For more information on any of our classes, please call 302-351-8408, or visit us online at

If there’s any doubt, you could consider it “lost money.” There are three areas you should consider focusing on to see if you can reclaim your company's “lost money.”:

Automation Security Tools

Automation If you still run around from machine to machine to configure a desktop, its applications, the application settings, security settings, drive maps, shortcuts, registry settings, and the like, you’re simply wasting time and money. It could be argued that anytime a user calls the helpdesk for help when the issue could have been solved by some automated process, then you are simply bleeding dollars from the bottom line. Dollars that your IT department cannot afford to be losing. If someone on your IT staff should leave for another job, would the current staff be able to handle the resulting workload? Oftentimes, the answer is a clear “No.” And doing everything you can now to ensure a smooth automated rollout of the desktop, desktop applications, applications’ settings, and the desktop attributes shows the boss you’re thinking about automation now, instead of remediation later. Cure problems before they happen, using technology you already have. Group Policy’s main goal in life is delivering settings in a consistent manner. The “engine” is already deployed on every Windows machine. And each iteration of Windows has more possible ways to get things automated. The recent addition of the Group Policy Preferences (GP Prefs), which is available for Windows XP and later adds 21 whole categories of things that can be automated. The only downsides to using the GP Preferences are:

They need to be deployed to target machines before use

That they don’t function like the original Group Policy set. The user interface is different, the settings are different, and they don't act like the same.

Neither of these are truly downsides. They're just small issues that need to be dealt with before their powers are widely used. The clearest advice I can give you is this: try to fully understand the Group Policy Preferences before engaging them. This is strongly advised, as Group Policy Preferences (as well as the original Group Policy set) are incredibly powerful technologies, and recovering from a misfire could be detrimental to your job, your users, and your company. You don't want to have to explain to the boss and higher-ups why 5,477 computers need to be remediated after implementing (what was to be) a simple function.

Page 4: How IT Geeks Can Show Value(GPanswers and PolicyPak)


For more information on any of our classes, please call 302-351-8408, or visit us online at

The best news is that mastering the new power of the Group Policy Preferences is

within your reach. Resources at and other sources are here to help you become immediately fluent in this updated technology. Once you learn to harness the power, you'll be performing and hitting the goal at hand: automation. You'll save money, time, and running around because you'll be able to "pre-set" configuration items across your workgroups and ensure that your users are ready to work the moment they log on. Security There is no argument that security is more important than ever. But what “security” is to one IT geek (or manager) might mean something completely different to another IT geek (or manager.)

Security doesn’t mean simply “patching.” Yes, you should keep your security patches up to date, but that’s only the beginning.

A patch isn’t going to protect you from inadvertent file deletion. A patch isn’t going to protect you from a data breach. A patch isn’t going to protect you from someone inside the company who

wants to harm your company (perhaps due to layoffs). The best time to increase security is right now, before the threat happens, and not after the attack when everyone is reading about your company’s trouble in the newspapers. Group Policy has a myriad of built-in security features ready and waiting to be utilized properly. From setting up NTFS permissions to setting password strength,

enabling file auditing, locking out USB memory sticks, and more, Group Policy is your silent partner in ensuring users’ safety on your network and in making sure your data is safely maintained on your network. Again, I would caution that strong, automated security powers require a firm understanding before deploying. Always test out security functions in a safe way, such as in a test lab, first to ensure that what you’re expecting to happen on your clients is what’s actually happening. Indeed, to be a great security administrator, you need to at least be a good Group Policy administrator. And the great Group Policy administrators already know the breadth of power Group Policy can provide -- on the desktops, servers, and laptops, and for ensuring overall security.

Closing the Gap: Training and Tools You likely have a gap in your automation, security, and rollout practices. Yes, the native Group Policy toolset can do a huge amount. And the new Group Policy Preferences can add a whole lot, too. But there is still “The Gap” that needs to be closed.

Page 5: How IT Geeks Can Show Value(GPanswers and PolicyPak)


For more information on any of our classes, please call 302-351-8408, or visit us online at

The blue curve represents what can be done using the original set of Group Policy.

The red curve represents what can be done using the new set of Group Policy Preferences. But notice the gap between the two curves.

The gap is anything that you’re not doing to streamline your processes. You need to close the gap and make your processes more optimal and less manual. Oftentimes, the gap can be flattened – helping to close the gap. Helping close the gap is easy. With some training in the technology, you can, quite literally, bridge the gap, as seen here. Once you’re trained to use the technologies you already have, you’re able to make the gap smaller. You'll be able to do more -- a lot more -- with the tools you already have and immediately do less running around. Once you fully understand how to use a circular saw, a hole saw, and a nail gun, you can build your next house faster (instead of putting a nail through your foot). Once you understand the 18 original Group Policy functions, the 21 new Group Policy Preferences functions, and how they apply to your machines, you can perform your next rollout and implementation faster (instead of, perhaps, putting a proverbial nail through your foot).

Not to sound too “commercial”, but if you’ve ever considered intensive training, now would be a good time. Specifical-ly, with a low investment, you get a very high return. Many administrators have gone on record at and have described their return on investment as "Occurring within a matter of hours of being in the training class." The results achieved could have a lifetime of im-pact on your network and your team efficiency as a whole.

Page 6: How IT Geeks Can Show Value(GPanswers and PolicyPak)


For more information on any of our classes, please call 302-351-8408, or visit us online at

Sometimes the gap cannot be closed by training alone. Yes, training will allow you flatten the curve. But completely closing the gap might not be possible without some added help. In your environment, try to picture "the gap" as items that you take on manually. Steps that you're frequently repeating, issues that cause you to run out to the desktop, or problems that require a "one-off" solution. The gap can be times when you set up a wholly different image for a particular team. The gap can be times when you’re writing scripts, ADM files, or otherwise manually creating “one off” and unique techniques to solve particular problems.

Times when people change job roles and you have to manually intervene. Times when only a tool will help you automate your processes, ensure that your running around is minimized, and give you more time to focus on the bigger things. Every company’s gap is going to be a little different. And finding the right tools to help address that gap can sometimes be a challenge. The good news is that Group Policy has a rich history of innovation, allowing third party tools to leverage your existing Group Policy infrastructure, fill the gap, and enable you to eliminate any obstacles to true automation.

Yes, gaps can be minimized with training as we’ve already seen (shown here again for quick reference.) But closing the gap is another thing altogether. It’s up to you to decide how to close this gap.

Here you can see how the gap is closed by "something else," like a third party tool, an in-house application, or ingenious automated solution.

Page 7: How IT Geeks Can Show Value(GPanswers and PolicyPak)


For more information on any of our classes, please call 302-351-8408, or visit us online at

For the purposes of this discussion, let's talk about some third party Group Policy

tools that can help bridge the gap and bring more automation and process to your company. Some third party tools you should check out to help you bridge the gap include:

PolicyPak Professional (Commercial)/PolicyPak Community Edition (Free): Enables administrators to deliver consistent desktop, application, and security settings across their environments. PolicyPak enables adminis-trators to ensure that users’ settings are maintained, even if they try to wig-gle around them. Great for locking down settings for homegrown and com-mercial applications already deployed to the desktop. Learn more at

Specops GPUpdate (Free): Enables you to deploy Group Policy settings when you want to, as opposed to waiting for the computer’s background re-fresh. Learn more at

Specops Deploy (Commercial): Enables you to deploy non-MSI applica-tions, deploy applications to users and computers in the background, and get full reporting about rollouts. Learn more at

SDM Software’s GPExpert Status Monitor (Commercial): A system tray applet to alert users when Group Policy is and is not applying. Also logs to the application log for advanced troubleshooting. Learn more at:

Microsoft’s AGPM (Advanced Group Policy Management) – (Commercial): Contrary to popular belief, this tool does not add additional functionality to the Group Policy “core.” So you won't get any additional functionality directly on the desktop. However, AGPM does enable teams of administrators to put “change management process” around Group Policy management, GPO comparison, and offline creation, editing, and rollback. Learn more at

Learn about other 3rd party tools at Grain of Salt This paper isn't about the merits of Group Policy. This paper is about efficiency; your efficiency and using technology you already have to ensure that you're doing all you can to improve your processes. It's about the gap you have in your process that is keeping you and your team from being as efficient as possible. It's about doing all you can, right now, to lev-

erage as much as possible from your existing technology investment. If you’re already using an existing technology, and it’s working for you – that’s great. Try to work with your whole team to come up with a holistic plan to ensure that the technology you use to manage your desktops, servers, laptops, thin cli-ents, and virtual clients can reach and be extended like an in-the-box solution such as Group Policy.

Page 8: How IT Geeks Can Show Value(GPanswers and PolicyPak)


For more information on any of our classes, please call 302-351-8408, or visit us online at

Leverage free and classroom-based training opportunities that are available to you. Same with tools: free tools can help minimize the gap, and commercial tools can often fully bridge that painful gap you have that’s keeping your team from reaching its fullest potential. When the economy takes a downturn, IT geeks must be vigilant. Your boss ex-pects you to squeeze as much as you can from your current budget. If you’re ready to do more with less, take the time to really analyze the gaps in your cur-rent processes. Then take action to minimize the gaps. That’s the true way to enhance your processes, save money, and show the boss

you’re providing real value. You're an IT Geek. You can do it.

Page 9: How IT Geeks Can Show Value(GPanswers and PolicyPak)


For more information on any of our classes, please call 302-351-8408, or visit us online at

You can’t predict what will happen in times of economic downturn, but you can and should take steps to ensure that you’re doing everything you can to focus on streamlining process-es and making sure your boss knows that you’re doing what you can with the tools you al-ready have. Here are the key takeaways from this whitepaper:

Automate, automate, automate! Minimize repetitive tasks that pull you away from your desk and burn valuable work hours. Don’t go at it alone: Take training. The relatively smaller amount you’ll spend on train-ing, such as a class from will save your company tons on the bottom line. Take advantage of the tools you already have. Show your boss that you’re a true MacGyver—taking whatever you have available and making magic. Focus on security. Learn to prevent breaches before they happen, which will save your company money—and make you look good! Think about third party tools, like the free edition of PolicyPak. There are lots of tools out there—many free—that can save you time and make your life so much easier! For more information, visit us at: and

Final Thoughts from Jeremy Moskowitz, Group Policy MVP