The concept of outsourced GPOs (Group Policy Objects) has been a hot topic for IT admins in recent years. GPOs are one of the key functions of Microsoft® Active Directory® (AD) that enable IT admins to manage a fleet of Windows® based systems. The challenge is that AD GPOs require on-prem hardware and they are exclusive to Windows systems. That is why IT admins are so interested in a next generation identity management solution called Directory-as-a-Service® that can provide outsourced GPO-like functions for cross-platform environments.
Characteristics of Active Directory GPOs
Active Directory GPOs are effectively prescribed commands and scripts that enable IT admins to set policies on Windows systems. GPOs can be used to configure a wide variety of system behaviors like screen lock timeout, disabling USB ports, and enforcing software updates, for example. Essentially, AD GPOs allow IT admins to govern how Windows systems will operate.
The key benefit with Active Directory’s GPOs is that they enable IT admins to manage a fleet of Windows systems from one central management platform. GPOs can save admins a significant amount of time by automating routine tasks that they would otherwise have to configure granularly per system.
AD GPOs are certainly a powerful tool for managing Windows systems. However, they are limited in their exclusivity to Windows. AD also requires a lot of on-prem IT infrastructure to operate, which can be a significant barrier for cloud-forward IT organizations.
Of course, these limitations were not considered issues when AD was initially released in 1999 because the cloud didn’t exist and most IT networks were strictly Windows environments. Nevertheless, these factors have become dealbreakers for many organizations as more IT resources move away from homogeneous on-prem networks in favor of diverse (e.g., Windows, Mac, Linux) cloud or hybrid environments.
The good news is that a next generation cloud identity and access management (IAM) platform has emerged that can provide outsourced GPOs for cross-platform IT environments. It’s called Directory-as-a-Service, from JumpCloud, and it has changed the way IT admins think about group based policy management.
Outsourced GPOs with Directory-as-a-Service
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/outsourced-gpos-group-policy-objects/