Admin Tip #11: AD admins should be running Windows XP Pro.

Hits: 42927



Background : AD differences between XP and W2K. Summary :

Source: Managing Windows XP in a Windows 2000 Server Environment 317K Word doc

You can add Windows XP Pro workstations to your AD domains and they will respond to existing GPOs just like Windows 2000 Pro. That is a significant bit of information. Much more important though is that if you update Windows 2000 Active Directory with the new security templates that shipped with Windows XP Pro, significant new functionality becomes available to the AD administrator using XP Pro as the admin console. For this reason, Windows XP Pro is now the preferred management console for Windows 2000 Active Directory.

Windows XP Pro ships with more than 200 new policies in addition to the 421 policies still supported from Windows 2000. Windows XP specific policies will be ignored by Windows 2000 machines. Managing policy is made easier with a new user interface available to XP Pro containing descriptive text and OS requirements for each policy. New Help files dedicated to policy settings let you search for specific policies by keyword. XP ships with Resultant Set of Policy (RSoP). New tools let administrators check policy settings in effect for any machine or user in a domain. Users can verify their own policy settings on their computer with a user-friendly report accessible from the Help and Support Center.

It is now clear that a GPO best practices are

See the full Microsoft document for detail but the process to update the security templates is simple. Be sure you can get back to your starting point should the sh*t hit the fan when you do this. It has been reported to me that in certain circumstances, this will set domain policies to defaults. Ouch to say the least.:

A brief list of the most important new Group Policy settings available to clients running Windows XP workstations:

OK I admit it. There are reasons for at least administrators to upgrade from Windows 2000 to Windows XP. And if you want the capability of tigher desktop control, your users should be on Windows XP Pro. I have had many discussions about the value of XP Pro vs W2K. My interest is from a business perspective. These new capabilities are real considerations.

Additional resources: