Improvements in Group Policy Management
In Windows Server 2012, the basic functions of Group Policy haven’t changed, so the Group Policy Management Console is the same, but with more options and settings available.
The Group Policy Management Console can be launched from the Server Manager console or run as a separate tool, as shown in Figure 3.
Over the past few years, group policies in Windows Server have provided more granular management of local machines, specifically by allowing the policies pushed down to a client to differ for administrator and nonadministrator users.
Figure 3. Group Policy Management Console.
In addition, starting with group policies in Active Directory 2008, applications have been able to query or register with a network-location awareness service within Group Policy Management, which identifies where a user or computer object resides. For example, a policy can be written that allows users to access applications and files if they are on a local network segment, but for security and privacy reasons blocks users from accessing the same content when they are on a remote segment. This addition gives group policies a third dimension: administrators can define not only who has access and what they have access to, but also limit that access based on where they are.
Note
When running the Group Policy Management Console to manage a Windows Server 2012 Active Directory environment, you can run it on a Windows server or install it on a Windows client system. The Remote Server Administration Tools (RSAT) are available for installation on various Windows endpoints. Check the requirements to confirm that the version of RSAT you want to install supports the operating system you want to manage from.
IP Address Management
New to Windows Server 2012 is the IP Address
Management (IPAM) tool. IPAM enables an organization to organize, view,
and report on utility systems on the network, specifically IP address
mapping, DNS server configurations and assignment, DHCP server
configurations and assignments, and the like.
A key area where organizations have found IPAM to be most useful is in replacing the spreadsheets and databases that map servers, routers, Internet connections, and the like to IP addresses, that is, the manually maintained IP address sheets that provide the mapping of devices and addresses. Through the use of tagging, devices and IP addresses can be tagged to note which city, campus building, server room, rack, and rack position a specific IP address and its corresponding server or device is connected to.
IPAM also provides an “at a glance” view of
IP address blocks, IP address assignments, IP ranges and groups, and
the like, similar to what is shown in Figure 4.
Figure 4. IPAM Console.