Just say no to bad GP articles...
Jeremy Moskowitz was kind enough to point me to an article in the Summer issue of 2600 magazine (www.2600.com). For those that don't know this mag., its essentially a paper-only (i.e. not online) magazine that is written by and for hackers on a variety of hackable topics, not specifically limited to computers. The article in question was called, "GPOs and Group Policy: Just Say No!", and was written by someone called "WagStaff". The idea behind the article is that Group Policy is bad and so you will want to disable it at your earliest convenience. Problem was, the article was clearly written by someone who had had little experience with GP, so it was riddled with errors and misconceptions. The biggest problem I had with it was that the article assumed that the reader was an administrator on their machine, to which I thought to myself, "big deal!". If you are an administrator on your machine, then I would suggest that GP is totally useless and circumventable in at least a half-dozen ways. The point of GP is not to lockdown administrators. The point of GP is to lockdown users in a managed computer environment. If anyone has the notion that GP is a useful way of managing users who are administrators on their own machines, I would suggest the following test: On a machine in a domain, as an administrator-equivalent, disable the TCP/IP NetBIOS Helper service and then see how well GP does at distributing policy updates to that machine...
I wrote a nice letter to 2600 with all of my concerns for the article. It will be interesting to see whether they respond.