GPO version control on Windows?!

Published by on 2011-04-03 | Leave a response

Sometimes you just need to see it another way to realize the would be a solution to your struggle:

I started using computers with the age of MS-DOS and ran Windows but only knowing there was an alternative (on which I tried but then often struggled since I almost completely switched) which were Unix-like OS. Nowadays most often I prefer the way how they stich to the principles that configurations are stored on some way but at least in normal text files and not in binary blobs. - I learned how to use Subversion and Git (which I prefer over SVN now) and then asked myself why I didn't realize that I struggled with a problem I ran into much earlier:

Version control on group policies would be really great thought I - and I realized not only MS was offering something like AGPM (Advanced Group Policy Management) or GPOAdmin from Quest. The integration to the Group Policy Management Console might be great but after reading more, I realized a problem comparing to the unix-like OS who can integrate configuration management with version control to: They bring in their own VCS for GPO change control? - Why:

Let me point out why I don't think it's a good idea:

  • Git / Subversion / Mercurial etc. are universal SCMs: You put a lot of different things under version control, be it your locally modified version of some code, software packages, Puppet manifests etc. or simply some configuration files saved via etckeeper
  • AGPM's VCS  once more extra (specific) version control systems: I have to setup a version control server system only for AGPM - I can't use it for anything else and even if I'd use MS' version control system they don't work together.

This means that I have to implement and maintain at least 2 different version control systems: One for our code and one for Group Policies and I can't use the same tools for version control I anyway use as developer and admin  - why?

It would be great if someone would (have?) create a GPO management tool and instead of adding their own way of  version control: Create an adapter to a universal version control system? Why re-inventing the wheel? - Puppet's manifests look more like code and hide less things than GPO's do: You have a nice GUI but in long term I really prefer the way Manifests are written using Configuration Management Systems like Puppet / Chef or others.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.