IT admins often wonder if it’s possible to set group policies without Microsoft® Active Directory® (AD). Well, we should point out that Group Policy Objects (GPOs) are a unique feature of Active Directory. However, the function that GPOs play can be accomplished without AD. With that understood, the question then becomes how to set group policies without Active Directory – especially in cross-platform environments. We’ll answer that question in this blog post, but first, let’s talk about what traditional Group Policy is all about.
What is Group Policy in Active Directory?
The Group Policy concept has been a huge success for Microsoft. In fact, GPOs were one of the key features that enabled Microsoft to establish Active Directory as the default directory service solution for IT organizations. Of course, it didn’t hurt that Windows® based IT resources were already dominating the IT space when Microsoft first released AD to the market.
GPOs were used to set password complexity requirements, enforce screensaver locks, disable guest accounts and USB ports, and virtually an unlimited variety of tasks. IT admins relished these capabilities because they could remotely control their Windows machines and enforce policies that would keep their users safe – all while making their lives easier. It was nice while it lasted.
Issues with Active Directory GPOs
As the world started to shift away from Windows in favor of Mac and Linux systems, IT admins were at a crossroads. On one hand, they liked the concept of GPOs. On the other hand, they really wanted the ability to set group policies on Windows, Mac, and Linux machines – just without AD. The latter wasn’t possible without the help of third party, enterprise grade systems that offered GPO-like policies for Mac and Linux (e.g., Identity-as-a-Service). But that meant IT admins had to deepen their investment into AD and on-prem.
To be fair, IT admins never really had a choice to begin with (until now). Active Directory has essentially been the only game in town for nearly two decades, after all. Now, however, a new (Read more...)
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/set-group-policies-without-microsoft-active-directory/