Managing Windows Vista networking through Group Policy

Computerworld - Group Policy was introduced in Windows 2000 Server and was a great boon to administrator productivity. While Group Policy was enhanced and extended in Windows Server 2003, there were not many improvements to the actual settings that Group Policy could manage from a networking standpoint.

That has changed in Windows Vista. Now, administrators can use familiar tools to manage everything from LAN settings to network security modes, wireless capabilities and quality of service. And all of this can be done centrally through familiar Group Policy administrative tools, like the Group Policy Management Console.

In this article, I'll take a look at some of the new abilities of Group Policy in Windows Vista -- and some cases in conjunction with Longhorn Server -- to manage network capabilities and communications.

Hot spots

Some of the most desired new capabilities in Group Policy are:

• Wired LAN settings: You can now, through Group Policy, configure wired connections that are authenticated by 802.1x schemes.
• Multiple security modes: Wireless clients, each with different security capabilities and the ability to participate in different security methods, can all connect to an access point configured with a single service set identifier (SSID) -- lessening administrative burden and keeping connectivity setups simple.
• Extensibility and expandability: New Group Policy support for vendor-specific attributes, like different Extensible Authentication Protocol types, mean heterogeneous hardware types are no longer a real problem for achieving a unified security configuration.
• Control over allowed SSID lists: Again, though Group Policy, you as the administrator can set up a list of wireless access points (more specifically, their associated SSIDs) that Vista clients can access, or a list of SSIDs to which clients are denied from connecting.

QoS

QoS support in Windows Vista and Longhorn Server has been improved, and the two operating systems are destined to work together better than ever in ensuring bandwidth is available for legitimate applications while minimizing the impact of less relevant -- but bandwidth intensive -- applications and traffic.

QoS has been around for a while and is typically supported by a variety of network hardware devices like switches and routers. When used together, Longhorn Server and Windows Vista will allow administrators to use Group Policy to set realistic thresholds and policies that throttle, prioritize or otherwise manage the level of traffic based on the sending application, source or ending IP address, the protocol in use, or the source or ending TCP/IP or UDP port.

Network access protection

What is network access protection (NAP)? Consider this strategy: Viruses and malware are sometimes stopped by protections that are deployed at the desktop level, but by far the easiest and most reliable way to stop an outbreak would be to prevent that malware from ever being able to gain access to the network -- thus making it impossible for the threat to spread.