Since the introduction of Windows 2000, IT departments have used group policies to control and configure workstations.
A corporate workstation build will typically contain the operating system, service packs and hotfixes and core applications common to all user groups – Microsoft Office, Adobe Reader, and the like. Whilst some configuration of the base build is common, the majority of the configuration is performed via group policy. Not only do group policies provide the flexibility to change configuration of a workstation after it has been deployed, filtering and loopback policies allow different configurations to be applied to different user groups or workstations. Reconfiguration of workstations can be achieved simply by changing a policy, adding the user to a different group or changing the OU the workstation computer account is in. Windows Server 2008 introduced group policy preferences, which further extended the configurational scope of group policies. Group policy preferences allow for registry values to be written, shortcuts created, network drives mapped and connections to network printers established.
The power and simplicity of group policies has made their use within the enterprise almost ubiquitous. But as enterprises move to streamed or virtual desktops, are group policies still the most efficient way to configure workstations?
Disk streaming allows a single virtual disk, containing the operating system and core applications, to be deployed to multiple workstations over the network in real time. A streamed disk, in read-only mode (often referred to as ‘shared mode’), is not changed by the clients. All changes are stored in a temporary cache area and discarded when the workstation is rebooted. Essentially, each workstation is rapidly re-imaged every time it is rebooted.
When a normal desktop workstation boots up, and a user logs in, the workstation checks to see what policies should be applied. The workstation then checks the policy revision numbers to see if the policies have changed since the last time it downloaded them. If the policies are the same, the workstation skips them and moves on to loading the profile. If the policies have changed, the workstation downloads the policy settings, the policy ADM files, reapplies every setting and caches the policy to speed up boot times and user logins in future.
Where read-only hard disks are used, as is the case with streamed disks, the policy cache is discarded at each boot. Every time a workstation boots, all policies are downloaded and applied in full. In addition to increasing network traffic, the delay in boot and login times can be significant. Any negative impact on the user experience – no matter how small the effect might be – impacts on users’ satisfaction with their desktop. When you’re implementing new desktop technology, users’ perception of the performance of the system is critical to receiving a positive reception from the business.
By making the configuration changes you would usually perform within group policy to the base build, boot and login delays can be reduced. Overall manageability of the environment is not significantly impacted. As there is just one disk image, making a change to the configuration is as simple as updating the disk image, making the change and getting the users to reboot. The new disk image, complete with all the changes, is distributed the next time the workstation starts.
Obviously, there are many instances where group policies are the only practical method of deploying configuration settings. However, for settings common to all users and to all classes of workstation, group policy is no longer the only manageable and practical method. Applying changes to the base build is almost as easy to manage and can result in noticeably better boot and login times.
And as we all know … anything which can make users happier generally makes our lives easier.