Microsoft's official enterprise support blog for AD DS and more
Hi, Tim here. Ever heard of a Best Practice Analyzer, otherwise known as a ‘BPA’? It’s a type of tool that many of our product or support teams have been creating the last few years which can be used to gauge the general health of a component before things go catastrophically wrong. BPA's can also identify problems that are present in one nice fell swoop so that you don’t have to work super hard to find them yourself.
Exchange BPA is one that is widely used and has had great successes over the past few years, as an example.
You may know of this kind of thing by its only other real world implementation: a consultant.
This brings up the main two differences you may see between a BPA and a consultant: BPA's never vary in quality or experience and BPA's are FREE. Free, as I’ve mentioned before, is my favorite word.
We have a BPA for Group Policy. This tool can be ran against Server 2003 and Windows XP computers to give a good and instant idea on whether there are problems and what they are. There’s your value in this folks-problems are identified for you. In addition you can take a sample of your normal problem-free environment and store it as a Baseline for comparison purposes for when you run GP BPA following a problem or as a standard procedural health check.
Group Policy BPA installs as an application and has an easy to use wizard type interface to walk you through. Reports can be reviewed later (as I mentioned above) for comparison or even exported to send to a colleague or backup.
Check out these problems Group Policy BPA found on one of my servers:
Anything that minimizes the required thinking without a degradation in my performance or quality of work is a Good Thing. Group Policy BPA is therefore a Good Thing for IT People.
We have a general Knowledge Base Article about this great FREE offering here: "How to use the Microsoft Group Policy Diagnostic Best Practice Analyzer (GPDBPA) tool to collect and to analyze data" (http://support.microsoft.com/kb/940122). One of the big things that article does is contain links to where you can download GP BPA. In order to be repetitive and repeat myself or say the same thing again I’m giving you those same links below:
Group Policy Diagnostic Best Practice Analyzer for Windows Server 2003 (KB940122)
Group Policy Diagnostic Best Practice Analyzer for Windows Server 2003 x64 Edition (KB940122)
Group Policy Diagnostic Best Practice Analyzer for Windows XP (KB940122)
Group Policy Diagnostic Best Practice Analyzer for Windows XP x64 Edition (KB940122)
Group Policy BPA is an administrator’s friend and can either shed light on pre-existing problems or set your mind at ease that you don’t have problems at all.
So I have two questions for you:
Microsoft is very interested in your feedback on how we can make Group Policy BPA better for you so please tell us what you think. This is a great chance to get your feedback directly back to the folks who make the product, and we’d love to hear from you.
So please comment this post or email us to let us know!
- Tim Springston
PingBack from http://www.savagenomads.net/2008/04/11/group_policy_best_practice_analyzer/
Earlier, we told you about the new Group Policy admin templates available for download . Many thanks
What about Vista and Server 2008? Does GPBPA run on/against these machines, does it understand new GP features?
1. Include information about what each found issue means...either in the Help file or within the report.
2. Fix authentication. Specifying a Domain Admin user does not work; you have to use runas for the program to work properly.
1. Include links to references...e.g. when an item says "please refer to log file for more details" include link to log file or location of log file.
2. Include where the issues are found and their impact. "Unable to determine LDAP Server signing requirements" does not help if I don't know where the error comes from or why it is important.
And one last one: Use friendly names for GPOs. I could look them up, but it's a pain.