Its been made apparent that our workplace needs to consolidate technologies in order to restructure team responsibilities and eliminate potential conflicts with policy.
We currently use Group Policy, and DEM to manage user profiles for the collection/distribution of various application data at logon (see: User Profile Service, and VMware DEM Service)
What is the best method of handling this data? Should we stick to one technology, and if so, is DEM capable of solely handling these duties from a user profile perspective?
So far we've ran a basic test of the DEM agent in our persistent environment which successfully pulled down user profile data from the UEM directory without much of a hitch.
If we committed to DEM, will it be capable of handling the full load that Group Policy has previously managed in conjunction with DEM?
Hi Dempseyy93,
Makes sense. There's a definite overlap between some of the DEM functionality and Group Policy, so it's good to have clearly defined who's responsible for what.
There are also quite some things that Group Policy can do (computer settings, security configuration, software installation, for instance) that DEM does not – some of that might change over time, but we're definitely not looking to get feature parity with Group Policy.
On the other hand, DEM allows you to do all kinds of things that Group Policy does not support.
Maybe some other forum users can shed some more light on this, by describing how they've implemented this in their environments.
Hi Dempseyy93,
Can you describe that "full load that Group Policy has previously managed" in a bit more detail?
So after the recent meeting, here's some of the queries being thrown DEM's way from the GP guys:
1. Establish whether or not DEM has an all or nothing stance regarding User Policy GPO's
2. User Policy currently configures Security Settings - are these able to be persisted via DEM?
3. The ability to enforce settings currently set in User Policy, if a settings is configured in DEM, does it restrict users from modifying
4. Configuration of Admin Templates, is DEM 100% comprehensive in that respect?
5. Folder redirection, and drive mapping
This is a basic overview of queries so far.
Thanks
Hi Dempseyy93,
Thanks for the response, the current Group Policy admins are nitpicking DEM so to save further time answering an array of questions:
Where is the cut off between what DEM can do vs Group Policy? It is possible to use one and not the other, or do they work best in tandem?
Our ultimate goal is to ensure settings aren't doubling up between the two to prevent a conflict of control, and to create a clear baseline of what tool controls what.
Hi Dempseyy93,
Makes sense. There's a definite overlap between some of the DEM functionality and Group Policy, so it's good to have clearly defined who's responsible for what.
There are also quite some things that Group Policy can do (computer settings, security configuration, software installation, for instance) that DEM does not – some of that might change over time, but we're definitely not looking to get feature parity with Group Policy.
On the other hand, DEM allows you to do all kinds of things that Group Policy does not support.
Maybe some other forum users can shed some more light on this, by describing how they've implemented this in their environments.
There are also quite some things that Group Policy can do (computer settings, security configuration, software installation, for instance) that DEM does not
^^^^^^^^^^^Feature request ^^^^^^
For user-based setting make sure the loopback policy is set correctly, its the "ONLY" gpo I allow over our vdi objects. I set it to replace so anything above is being ignored, and let UEM work on the user settings all on its own. Everything else in virtual desktops is placed in the parent image. We do do a little group policy for the physical desktops, but we avoid it if possible, gpo processing is too slow.
Hi sjesse,
Funny how you "forgot" to quote my "but we're definitely not looking to get feature parity with Group Policy" statement
I can keep wishing.... maybe next year. Group policy needs to go the way of the floppy.