Mark Minasi's Tech Forum
Register Calendar Latest Topics Chat
 
 
 


Reply
  Author   Comment  
wobble_wobble

Avatar / Picture

Associate Troublemaker Apprentice
Registered:
Posts: 781
Reply with quote  #1 
Got this from Sami Laiho newsletter

Quote:

Microsoft want's to move from GPO's to MDM... I'm sorry for this, like most of you probably are as well, but I do understand that I need to prepare myself. Group Policy is there to stay for a long time as well but people should remember that Satya's vision is to make Windows an open platform. MDM is open while Group Policy is proprietary to Microsoft. Hence... Sadly, MDM wins. To take a look on your current environment and measuring how you can work with it with MDM, use this MDM Migration Analysis Tool (aka MMAT)
  • So Server guys need to learn Desired Stata Configruation and client guys MDM - BTW. I hate both [wink]

 

Hope this number is a big as WIN's number for being removed.

__________________
Have you tried turning it off and walking away? The next person can fix it!

New to the forum? Read this
0
wkasdo

Avatar / Picture

Administrator
Registered:
Posts: 183
Reply with quote  #2 
Not to worry. Microsoft not investing (much) does not mean that the feature is going away. Ten years from now you can still manage your domain-joined devices using GPO. It's the non-domain joined devices that need to be managed with MDM, but that's a different world anyway.

> So Server guys need to learn Desired Stata Configuration

I heard that before, and I don't agree. There is a small overlap between GPO and DSC (both can set regkeys, for instance), but that's about it. The question is to what extent GPO is needed on servers. Servers used to be tuned heavily, especially from a security perspective. In modern times, not so much.


__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
jsclmedave

Administrator
Registered:
Posts: 435
Reply with quote  #3 
Quote:
Originally Posted by wkasdo
Not to worry. Microsoft not investing (much) does not mean that the feature is going away. Ten years from now you can still manage your domain-joined devices using GPO. It's the non-domain joined devices that need to be managed with MDM, but that's a different world anyway.

> So Server guys need to learn Desired Stata Configuration

I heard that before, and I don't agree. There is a small overlap between GPO and DSC (both can set regkeys, for instance), but that's about it. The question is to what extent GPO is needed on servers. Servers used to be tuned heavily, especially from a security perspective. In modern times, not so much.



While at the PowerShell 2017 Summit in Seattle, I am seeing once again evidence that many large companies are still working to migrate off of 2003 to 2012R2.  For many 2016 is not a production business option so they will be on 2012R2 for a long time.

Will DSC and MDM be needed for cloud Nano etc SURE!  But as Joe said, WINS days are numbered as well.  And like Mark will remind us "Its a REALLY big number"

You want to learn something needed for a WIN / Linux Admin, learn PowerShell...

The rest will be easy to pick up if you know that...

__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
gpoguy

Avatar / Picture

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 50
Reply with quote  #4 
To the extent that it's interesting,  I wrote this at the beginning of last year:

https://sdmsoftware.com/technology-futures/2016-future-group-policy/

Bottom line, as mostly noted here:

1. Microsoft is not investing in dev of GP
2. Customers are not moving away from GP
3. DSC is good for servers but still very immature as compared to a technology like GP, unless you live in a pure DevOps world where you're used to "EaC" (Everything-as-Code).
4. MDM (e.g. Intune, Airwatch, etc.) costs money and interestingly, at Ignite last year, I had several customers who were strictly Intune shops come up to our booth lamenting at the lack of configuration capability in Intune as compared to GP.

That said, I am not so naive as to believe (and we're already seeing it) that as MS morphs over time, GP will increasingly break or just not be supported. We are starting to see that with Nano, and I suspect it will just continue to be marginalized over time. Want to bet that when the rumored Windows-on-ARM (WOA) comes out later this year or next, that it doesn't support GP. So then we'll have a server version of the OS and a client version of the OS that don't support GP, and then it begins [smile]

__________________
Darren Mar-Elia
MS-Group Policy MVP
Founder--SDM Software (https://sdmsoftware.com)
Need Group Policy Training? Check out my Group Policy Fundamentals course: http://pluralsight.com/courses/group-policy-fundamentals
0
jsclmedave

Administrator
Registered:
Posts: 435
Reply with quote  #5 
At the PowerShell Summit it was all about DSC...
__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
gpoguy

Avatar / Picture

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 50
Reply with quote  #6 
Well yea. If I were at a Group Policy Summit, guess what it would be about? :-)

But seriously, I have thought and still think that DSC is great, but it's got *A LOT* of rough edges. It is not so much a configuration management system as a bag of bits with lots of potential. If I were recommending DevOps config mgmt. for Windows today, I would have to point someone at Chef or Puppet, before encouraging them to roll their own with DSC. The good news is that both of those products support DSC docs at some level, so it's a way to dip your toe in without putting your job on the line.

__________________
Darren Mar-Elia
MS-Group Policy MVP
Founder--SDM Software (https://sdmsoftware.com)
Need Group Policy Training? Check out my Group Policy Fundamentals course: http://pluralsight.com/courses/group-policy-fundamentals
0
Creacon

Avatar / Picture

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 30
Reply with quote  #7 
Shucks, and I just got reasonably comfortable with that labrynth of GP's, and now I gotta learn something new.
__________________
Capt. Dinosaur
0
gpoguy

Avatar / Picture

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 50
Reply with quote  #8 
Well, it depends upon where you are in your career. I suspect GP will still be relevant for 5-10 more years, so you have time :-)
__________________
Darren Mar-Elia
MS-Group Policy MVP
Founder--SDM Software (https://sdmsoftware.com)
Need Group Policy Training? Check out my Group Policy Fundamentals course: http://pluralsight.com/courses/group-policy-fundamentals
0
jsclmedave

Administrator
Registered:
Posts: 435
Reply with quote  #9 
Quote:
Originally Posted by gpoguy
Well yea. If I were at a Group Policy Summit, guess what it would be about? :-)

But seriously, I have thought and still think that DSC is great, but it's got *A LOT* of rough edges. It is not so much a configuration management system as a bag of bits with lots of potential. If I were recommending DevOps config mgmt. for Windows today, I would have to point someone at Chef or Puppet, before encouraging them to roll their own with DSC. The good news is that both of those products support DSC docs at some level, so it's a way to dip your toe in without putting your job on the line.


Chef & Puppet are two worlds that a lot of people are having trouble diving into.  There is already push back to learn PowerShell and now Ruby..?  Code that is Case Sensitive..?  <runs away like hair is on fire> ...

I like both HOWEVER!!     I have heard horror stories about MGT being the biggest problem...

Talking with Steven Murawski he shared some the known and prevalent pitfalls that they see in several of the companies that are now deploying Chef.

He has passed this on to companies with new roll outs, even told them specifically what will happen IF company ABC is brought in and how they can help fixing the issues after they have had enough.

All of his warnings have came to fruition and instead of heeding the advice, they instead went down another rabbit hole and now its a mess that no one wants to deal with.

This is the top reason a lot of Techs that I have talked to have not embraced Chef & Puppet.  Not that its not a great solution, their MGT is once again in the way.

 
DSC sounds GREAT on paper and looks great in the Demo's.  Getting past Security, MGT, the endless silos is the worst part especially when someone points me to another Microsoft incident where the answer was "Oh yeah that's a known issue we are working
on that"

I'm looking at DSC as another layer not the cure all.  

I prefer Group Policy because I am comfortable with it, its intuitive and honestly people in the community like Darren and Jeremy have made me look like a super star. 

Thank You Both!!!!

PowerShell is the key thing that I am yammering about.  That is the key to everything.  Once you have a grasp on that you can start tinkering with everything Microsoft.

Remember,,, there are still a LOT of companies paying a crazy amount of $$ to support WIN 2003R2.  Group Policy is not going away anytime soon.


__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
Phil-n-JaxFL

Avatar / Picture

Grumpy Old Men
Registered:
Posts: 77
Reply with quote  #10 
I know this discussion was concerning GPO's, but some individuals took this into cloud technologies.

I recently went to a MeetUp (https://www.meetup.com/jaxfisg/) and Adnan Cartwright (https://mvp.microsoft.com/en-us/PublicProfile/4039753?fullName=Adnan%20Cartwright) was the guest speaker (EXCELLENT speaker, btw). He stated you have to know PowerShell in moving with the future of IT. But he said Templates and DSC were the "thing". He stressed this quite a bit.
He stated you have to know PowerShell going forward. But he said Templates and DSC were the "thing" and future as well. He stressed this quite a bit.
He also said you need to know JSON and Node.JS, which are used in Azure and AWS.

I was told by another person who works constantly in cloud technologies, that learning Python, PowerShell, Ansible, JSON, Node.JS, CloudHealth, and TerraForm will rocket your career...I'm still learning and don't see that ever stopping!


__________________
Phil
0
wobble_wobble

Avatar / Picture

Associate Troublemaker Apprentice
Registered:
Posts: 781
Reply with quote  #11 
Follow up from Sami with a chat with Jeremy

http://blog.win-fu.com/2017/04/is-group-policy-gonna-die-do-i-have-to.html

My favorite quote
Quote:

And, for the record, I own two cars and one scooter. (And zero tanks.)

__________________
Have you tried turning it off and walking away? The next person can fix it!

New to the forum? Read this
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation: