Group Policy is a many-splendored thing. Like many other aspects of Active Directory Domain Services (AD DS), Group Policy has evolved over time, partly with respect to best practices that we recommend, tools and features from Microsoft, and third-party software and solutions.
After having so much fun with Microsoft GPOAccelerator, some of my students in a Group Policy class in the Global Knowledge virtual classroom asked where we could download this tool set we had used in class. There’s bad news and good news in this regard. First, the bad news – there is no longer a download (at least not that I could find) of the GPO Accelerator package from Microsoft.
The good news? Well, the GPO Accelerator functionality is available as part of the Microsoft Security Compliance Manager (MSCM). About a year ago, the GPOAccelerator was pulled into the MSCM, and last month (April 6, 2010), Microsoft published version 2.51 of the MSCM. This version can be downloaded at <http://www.microsoft.com/downloads/details.asp?FamilyID=5534bee1-3cad-4bf0-b92b-a8e545573a3e&DisplayLang=en>. But to really understand what the GPO Accelerator is and why it fits into the MSCM, let’s take the story back a bit further.
Once upon a time, when Group Policy was young, in the beginnings of Active Directory with Windows 2000 Server, the operating system came with a few example security templates. Anyone wanting to establish robust security policies had to start either from scratch or nearly from scratch using these rudimentary templates. Over time, Microsoft provided additional guidance with respect to security policies and released offerings such as a security guide for Windows XP, and the Windows Server 2003 Security Guide (WSSG 2003). As Microsoft had welcomed and solicited input from many organizations in developing such security guides, some organizations such as the U.S. National Security Agency (www.nsa.gov) did not publish their own separate security guide from Windows Server 2003.
Meanwhile, the Group Policy Management Console (GPMC) offered new capabilities for importing example policies, another version of the WSSG for Server 2003 came out, and eventually Windows Server Vista and Windows Server 2008 released, as did updated security guides for these newer operating systems. The Windows Server 2008 Security Guide (WSSG 2008) and Windows Vista Security Guide, along with the Windows XP Security Baseline and WSSG 2003 were available as part of the solution pack called the GPO Accelerator. Now all of this functionality and more has been wrapped up into the MSCM.
So if you’re looking for the Windows XP, Server 2003, Vista, Server 2008, 7, or Server 2008 R2 security guides, look no further than the Microsoft Security Compliance Manager (MSCM). The old Threats and Countermeasures guide, and a newer IT Infrastructure Threat Modeling Guide are available separately for download.