Greetings from another non profit IS person. 🙂
How hard is it to deploy GPP? Given that Windows XP does not natively support this, right? We need to install the client side extensions?
GPP are pretty much straight forward if your systems are XP SP3 and recently patched. I've rarely seen problems related to the preferences. If you have WSUS already you should be able to check that all your systems have the necessary client installed.
Is GPP reliable on Windows XP SP3? Googling, I turned up some references to bugs and slow performance. Does this match the current status of this product?
I haven't had any major reliability problems after the client side extension issues listed above were worked out.
How does the performance/overhead of GPP compare to using a kixtart or vbscript for things like mapping drives and installing printers?
I'm assuming that you are referring to the desktop performance.. If so the speed between the two has been negligible in my environment.
What's a good practice to use for keeping track of successful/unsuccessful logins? Our current system seems to have too much overhead. Should this be stored in the Event log? On which machine? Centrally, or on the local desktop? We do use the logs as a debugging tool currently, and also to determine when a user last logged on to the domain.
We have a couple systems in place, a legacy system (very much like what you describe, I'd like to see it retired) and event log auditing for successful and failed login attempts. Enable the auditing on your domain controllers would be enough. I suggest using Splunk to collect your logs but that is a matter of choice.
What should I try to speed up our current Group Policy infrastructure? I think this is what takes a long time at startup. Any ideas for where to start troubleshooting this?
What are best practices for creating a modern logon system to deal with the tasks I mentioned? Map drives, map printers, install software, install patches and perform miscellaneous backup routines and the like. What tools do you like and recommend for this job?
I've had extremely good luck with the GPP listed above. The vast majority of startup tasks can be accomplished with a handful of GPP settings.
What's the best way to install software that isn't neatly packed in an MSI already? We are a non-profit and could get some software donations from Tech Soup of things like SCCM. But, I really don't know if this is worthwhile.
I highly recommend EminentWare. It's a paid product but not too expensive. It will deploy updates for your non MS products (I love the Java and Adobe updates) and allows you to package and deploy software.
What are the implications of upgrading our domain to Server 2008 R2 version, to allow us to make use of GPP? I should mention that we have two member servers on our domain that are running Windows NT. These are basically appliances used only for our voicemail system. I don't want these to break. We did have an issue with upgrading our domain controllers with SMB, but I was able to find the workaround of lowering security settings. Any gotchas if we upgrade domain version? It seems like the answer should be no, but I am hoping to learn about some real world experiences.
I can't comment, I'm still on 2003 functional level.
