Microsoft Group Policy Objects (GPO) Replacement

By Greg Keller Posted June 20, 2019

Microsoft Group Policy Objects (GPOs) are a core part of the Microsoft Active Directory® platform. In fact, when GPOs were introduced, they were a significant step up from the core functionality that directory services provided. So, what exactly are GPOs? They're scripts and templates that execute policies and tasks on Microsoft Windows platforms. While GPO is a brand-name feature provided only by Microsoft, executing policies and tasks on devices is a generic concept known to every IT admin. As a result, IT organizations have been looking for a cross-platform Microsoft GPO replacement.

LDAP and Active Directory Took Flight in the 1990s

The last generation of directory services arrived in the mid-to-late 1990s with two major solutions: LDAP and Active Directory. LDAP was introduced in the mid-1990s as the open source directory protocol. It was meant to simplify and ease the burden of directory services. A few years later, Microsoft based its Active Directory solution in part on the LDAP protocol, although the solution has since evolved to be primarily based on Kerberos. The user directory was designed to enable IT admins to connect their users with the IT resources they needed to perform their jobs, including systems, applications, and the network itself. Along with the domain controller, AD became the core single sign-on solution for Windows networks.

The Solo Journey of Microsoft Windows

As part of being an identity provider, Microsoft added a curious capability: management of Windows devices. The idea was to give IT admins the ability to execute scripts and tasks at boot-up or on shutdown. The notion was likely based in part on the legacy DOS boot process. The concept of executing tasks on Windows machines became known as Group Policy Objects. Microsoft Group Policy Objects included activities such as mapping network drives, enabling screen lock, disabling guest accounts, adding password complexity, and thousands of other tasks for Windows machines.

Now Boarding: The Microsoft GPO Replacement Known as DaaS

The challenge for IT admins in modern organizations is that GPOs may not be an accessible or sufficient solution. Today's IT environments are mixed, with Mac and Linux devices accounting for a large portion of the network. Microsoft GPOs don't work with non-Windows platforms. In addition, many cloud-forward organizations are skipping Active Directory and turning instead to identity provider alternatives such as Directory-as-a-Service® (DaaS). Cloud-based directory services solutions are replacing GPOs with their own version of task and policy execution. The important difference is that command and policy execution in this model is built not only for Windows but also for Mac OS X and Linux. DaaS seamlessly delivers the cross-platform version of GPO-like functionality you need.

If you would like to learn more about how Identity-as-a-Service platforms can be a cross-platform replacement for Microsoft Group Policy Objects, drop us a note. We'd be happy to discuss it with you. Or, feel free to give JumpCloud's command and policy execution functionality a try.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.