The Future of GPOs


IT admins are concerned about the future of GPOs (Group Policy Objects). Why so?

On one hand, GPOs are a powerful and sought-after tool for managing Windows®-based systems. On the other hand, modern system environments are heterogeneous (e.g., Windows, Mac®, and Linux®), but GPOs only work for Windows.

Another cause for concern is that GPOs are typically deployed from the Microsoft® Active Directory® (AD) platform on-prem. Yet, according to a SUSE research report, many IT admins believe that software-defined infrastructure hosted in the cloud is the future of the data center.

Of course, there are other factors, but it’s easy to see why IT admins are concerned.

In this blog, we discuss the future of GPOs. But first, let’s talk about the significance of GPOs from a holistic perspective.

What are Group Policy Objects in Active Directory?

Group Policy Objects, or GPOs for short, are essentially commands, scripts, and task execution templates that enable IT admins to remotely manage system policies on Windows devices. IT admins typically leverage GPOs to disable USB ports, configure screen lock timeout, restrict control panel access, and manage a variety of similar policies for enterprise devices running Windows.

The idea behind GPOs was to give IT admins a way to manage their fleet of Windows-based systems with security policies, task execution, and remote system management – all from one centralized management console. In doing so, IT admins could effectively manage groups of systems at once, without having to configure the same policies locally on the system itself.

Where did GPOs come from?

Microsoft debuted their concept of group-based policy management in 1999 with the introduction of the Active Directory platform. Microsoft referred to this concept as Group Policy, and GPOs are the expression of this concept.

When AD was initially released, Windows endpoints represented the vast majority of enterprise systems. This is why the concept of group-based policy management for Windows systems made so much sense at the time. IT admins needed a way to manage fleets of Windows systems from one central location. GPOs made that possible.

Active Directory GPOs Today

GPOs have remained one of the most important and valuable components of the Active Directory platform. In fact, Group Policy functionality is one of the primary reasons why IT organizations continue to leverage the Microsoft on-prem directory service platform in the cloud age.

However, with more Mac and Linux systems making their way into the organization, and data centers moving to the cloud with infrastructure providers such as AWS®, Google Cloud Platform (GCP), and others, the traditional concept of GPOs can be limiting.

Limitations of GPOs

While there is no doubt that GPOs are a powerful system management tool, the issue for modern IT organizations is that they only work for Windows-based systems out-of-the-box. The same can be said for the native functionality of the Active Directory platform itself, for that matter.

Of course, this wouldn’t be an issue if Windows was still the only platform in the enterprise system space, and everything was still on-prem. The reality, however, is that modern IT admins want to leverage GPO-like capabilities to manage not only their Windows systems, but Mac and Linux systems as well, and preferably from the cloud.

To be fair, there are third-party add-on solutions (i.e., Identity-as-a-Service) that can integrate with the on-prem AD instance to effectively provide the concept of GPOs for Mac and Linux. However, this approach is like putting bandages on broken bones, as it doesn’t address the core issue.

That core issue is, of course, that IT admins want a single, easy-to-use tool for any given function, and they don’t want to be locked in to a toolset that is limited in its cross-platform support. Today, IT needs a more open approach that operates on diverse end user systems, but Microsoft simply isn’t interested in providing support for competing platforms. It makes sense – they are trying to protect their market share, but that doesn’t do much good for IT admins who are trying to keep up with a growing and diverse end user environment.

IT admins want a holistic system management solution that can deliver simplicity in an age of complexity. In addition, they want a solution that can help to reduce on-prem identity management infrastructure in favor of a comprehensive cloud alternative that gives IT the flexibility to not only manage Windows systems, but Mac and Linux as well, whether on prem or remote.

In other words, what IT admins really want is JumpCloud® Directory-as-a-Service®.

The Future of GPOs

The JumpCloud Directory-as-a-Service (DaaS) platform is Active Directory and LDAP reimagined – a cloud-based directory for diverse system environments and modern IT networks. Cross-platform GPO-like capabilities, called Policies in JumpCloud parlance, come standard with this next generation cloud directory.

JumpCloud Policies can be used to disable USB ports, configure screen lock timeout, restrict control panel access, and manage a wide array of system policies for enterprise devices just like traditional GPOs. The distinguishing factor is, of course, that JumpCloud Policies work for Windows, Mac, and Linux – without the help of third party tools – not to mention they are also completely cloud-based.

JumpCloud Policies were released in late 2017, so we’re just getting started. However, our cross-platform policies work for Windows, Mac, and Linux systems, and are already helping IT organizations automate in a new and efficient way. Per our customer, Martin Skojec – Vice President of IT at EdgeConneX:

“For EdgeConneX, the biggest benefit is that JumpCloud really works well across all platforms. JumpCloud has made it very easy to apply the same password policies and security policies across Windows, Mac, and Linux systems.”

The list of JumpCloud Policies that IT admins can deploy from the cloud is growing weekly. Further, because the JumpCloud platform lives in the cloud, IT organizations can eliminate the vast majority of their on-prem identity management infrastructure in favor of a comprehensive cloud directory service alternative.

The end result is that, with JumpCloud Policies, JumpCloud admins can manage cross-platform fleets of systems with GPO-like capabilities – all from one central management platform in the cloud.

Learn More about the Future of Group Policy Objects

Check out our whiteboard presentation to learn more about JumpCloud system policies. You can also contact JumpCloud, schedule a demo, or sign up for a free Directory-as-a-Service account to see the future of group policy objects in action today. Your first 10 users are free forever to help you discover the full functionality of our platform, including our cross-platform group based policies, at no cost. And we don’t even require a credit card to sign up!



This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: Blog – JumpCloud

Vince Lujan

Vince is a documentation and blog writer at JumpCloud, the world’s first cloud-based directory service. Vince recently graduated with a degree in professional and technical writing from the University of New Mexico, and enjoys researching new innovations in cloud architecture and infrastructure.
