David M. Stein's Blog

Windows Server 2008, WSUS and Other Stuff

5 Group Policy Myths

1 - Group Policy is Hype

Hype comes from people.  Technology doesn't hype itself.  Group Policy is serious stuff.  It's not rocket science when you get down to what it's doing and how it works.  Sure, there's some intricate processing being done in the background, but in the end, it's simply a way to deploy and manage configuration settings to groups of users or computers.  Just as with a box of matches, Group Policy is a tool that can provide enormous benefit and time savings if used properly.  Or you can fire it up next to a can of gasoline and burn the house down if you're not careful.  It's a powerful tool.  Very powerful.  So you need to get familiar with it before you unleash it in a production environment.  Plan and test in a separate environment - always.

2 - Group Policy will Break Your Network and Clog the Pipes

So will putting a dozen raw potatoes down your sink drain at once. If you don't do stupid things you won't get stupid results. Make sure you retain documentation about what your policy settings are doing so that you don't accidentally duplicate the same setting, or worse, push contradictory settings from different policies. Remember to always consider Inheritance, Tattooing and the combined effects of User+Computer settings as they relate to which user and computer accounts are impacted, and where each of them resides within Active Directory. It's all about planning and being careful. Group Policy on its own will not damage your network. Using it improperly may. It's like driving a car. If you use it improperly you can do bad things. It's not the car's fault. Ok, maybe that was a bad example. It's like using a match (I need to find a better analogy or metaphor).
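One way to catch the duplicate and contradictory settings described above, as an added example that is not part of the original post: it reads GPO reports in the XML layout written by `Get-GPOReport -ReportType Xml` and lists every policy that more than one GPO configures. The reports here are constructed samples trimmed to the elements the code reads, and the helper names (`report`, `settings`, `find_overlaps`) are illustrative.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample data: trimmed stand-ins for exported GPO XML reports.
NS = ('xmlns="http://www.microsoft.com/GroupPolicy/Settings" '
      'xmlns:q1="http://www.microsoft.com/GroupPolicy/Settings/Registry"')
POL = "<q1:Policy><q1:Name>{}</q1:Name><q1:State>{}</q1:State></q1:Policy>"

def report(gpo, computer=(), user=()):
    """Build one constructed report with Computer and User policy lists."""
    def side(tag, pols):
        body = "".join(POL.format(n, s) for n, s in pols)
        return f"<{tag}><ExtensionData><Extension>{body}</Extension></ExtensionData></{tag}>"
    return f"<GPO {NS}><Name>{gpo}</Name>{side('Computer', computer)}{side('User', user)}</GPO>"

REPORTS = [
    report("Workstation Baseline", computer=[("Turn off Autoplay", "Enabled"),
                                             ("Configure Automatic Updates", "Enabled")]),
    report("Kiosk Lockdown", computer=[("Turn off Autoplay", "Enabled")],
           user=[("Prohibit access to the Control Panel", "Enabled")]),
    report("Helpdesk Exceptions",
           user=[("Prohibit access to the Control Panel", "Disabled")]),
]

def local(tag):
    """Strip the XML namespace so matching works whatever prefix is used."""
    return tag.rsplit("}", 1)[-1]

def settings(report_xml):
    """Yield (gpo, scope, policy, state) for each policy in one report."""
    root = ET.fromstring(report_xml)
    gpo = next(e.text for e in root if local(e.tag) == "Name")
    for scope in (e for e in root if local(e.tag) in ("Computer", "User")):
        for pol in (e for e in scope.iter() if local(e.tag) == "Policy"):
            fields = {local(c.tag): (c.text or "").strip() for c in pol}
            yield gpo, local(scope.tag), fields["Name"], fields["State"]

def find_overlaps(reports):
    """Map (scope, policy) -> (kind, {gpo: state}) for policies set by 2+ GPOs."""
    seen = defaultdict(dict)
    for xml_text in reports:
        for gpo, scope, policy, state in settings(xml_text):
            seen[(scope, policy)][gpo] = state
    return {key: ("contradictory" if len(set(by_gpo.values())) > 1 else "duplicate", by_gpo)
            for key, by_gpo in seen.items() if len(by_gpo) > 1}

if __name__ == "__main__":
    for (scope, policy), (kind, by_gpo) in sorted(find_overlaps(REPORTS).items()):
        print(f"{kind:13} {scope:8} {policy}: {by_gpo}")
```

The check only flags overlap; which GPO actually wins on a given machine still depends on link order and inheritance, so treat each hit as a prompt to review the documentation for those policies.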

3 - Group Policy Takes an Expert to Make it Work Properly

Wrong! It takes getting familiar with it. Download and install VMware Player or Virtual PC or VirtualBox or Parallels or whatever you prefer. Install a virtual guest running Windows Server 2003 or 2008, and another running XP or Vista, and test it out. Get a book and read up. Learn. You have to prepare in order to get a driver's license or pilot's license. You have to prepare in order to build a house. The same applies to using Group Policy. Don't just "figure it out" in production. That's not the way to go.

4 - Group Policy is Great for Deploying Software Installations

For small packages in small LAN environments, the answer is "maybe". It depends on how the software is packaged. It also depends on how it installs and how your LAN is built and what sort of throughput limitations or demands are present during the window of time you intend to deploy the package. Much of this holds true for SMS, SCCM, Altiris or anything else as well. To give a few quick examples, you can deploy Adobe Acrobat Reader or WinZip or small applications like these if your network doesn't choke on a lot of traffic happening all at once. I would NOT recommend pushing Office 2007 or Autodesk Inventor 2009 using Group Policy, unless you're planning to quit and make everyone miserable on your last day of work.

5 - Group Policy Still Needs Scripts to Complete the Job

That used to be true.  However, with the added capabilities of Group Policy Preferences, you can replace a ton of login scripting with GPP settings now.  The ease of use is fantastic.  The reliability is superb.  The gains are enormous.  You can leverage the benefits of GPP features on XP and WS03 as well as WS08 and Vista, as long as you have WS08 servers in your environment to use GPP features.

While third-party products like LikeWise add GPO-like features to Linux clients, I've yet to see anything like Group Policy for OSX or Linux "in general". OpenLDAP is a good solution for network-centric account management, but it doesn't include Group Policy features for managing settings via rules like Active Directory does. The point I'm working towards here is that Group Policy prior to GPP is a huge added benefit over other platform capabilities, which are only possible through extensive scripting (Bash, etc.). Some advanced processing on Windows still requires scripting or application additions, but GPP adds user and computer settings for such things as drive mappings, printer connections, shortcuts, and much more. These things used to require login scripts or startup scripts to accomplish. Not that scripting is entirely unnecessary now, but you have more options at hand to do more with less effort.

Group Policy is without a doubt one of the most powerful and compelling reasons for choosing Microsoft Windows as a business networking platform. It provides built-in, straightforward, centralized management and control over the computers and user settings in your environment. Best of all: It's FREE. And you don't have to download anything to make it work. Enhancements are available, like GPMC, GPP extensions and ADMX templates, etc., but they're not required in order to start using Group Policy right now. As with any tool, however, it works best when applied to what it was intended for. Hammers are great for driving nails, but not so great at turning screws.

