Pete
In case you haven't seen this information yet, from the SP1 Deployment
Guide.
After you install SP1, you will be temporarily unable to manage domain-based
Group Policy from that computer because of the following changes:
" The Group Policy Management Console (GPMC) will be uninstalled.
" Gpedit.msc will default to the Local Group Policy Editor.
Because of these changes, use Remote Desktop to connect to another computer
to manage Group Policy. Shortly after the release of Windows Server 2008, an
updated GPMC with greater functionality will be released as part of the
Remote Server Administration Tools (RSAT). The updated GPMC will include the
ability to use Starter Group Policy objects (GPOs), which enable you to
configure common scenarios more easily. It will also include more powerful
search and filter capabilities to make it easier to find and edit settings
and add comments about the settings (or the GPO itself), as well as Group
Policy Preferences (also known as PolicyMaker) to further enhance the
manageability of Group Policy. For more information about Group Policy
Preferences, see
http://go.microsoft.com/fwlink/?LinkID=103735.
For more information about these changes, see the release notes
(
http://go.microsoft.com/fwlink/?LinkId=107076) and the Windows Vista
Service Pack 1 Overview (
http://go.microsoft.com/fwlink/?LinkID=100279).
Here is an excerpt from an article that discusses the reason that the GPMC
was removed from the OS installation.
<quote>
Its funny because this probably falls into one of those "you're damned if
you do and you're damned if you don't" categories for Microsoft. Back when
GPMC first shipped, out-of-band of the OS, I'm sure Microsoft heard
complaints that it should be in the OS, since it became such a crucial part
of managing GP for many shops. So, they went and did the most logical
thing--they put it in the box in Vista. But to do that resulted in GPMC
having to become part of the behemoth that is the Operating System release
cycle at MS. This has obvious limitations if you know how glacially things
move within MS when it comes to OS revs. Once inside the OS, they could no
longer rev the GPMC and make enhancements to it on their own schedule.
Everything had to be tied to the OS releases, which aren't exactly snappy if
you hadn't noticed .
In addition, I'm sure more than a few large customers pointed out that
having GPMC on every Vista install presented some...er...uncomfortable
risks. Namely, in order for a normal user to process GPO's, they have to be
able to read them. No biggie--its not like they can edit them. But, with
GPMC installed on every desktop, any joe user with normal non-administrative
rights in the domain can open GPMC and view the settings on any GPO they
have read access to! Further, they can also backup all GPOs that they have
read permissions on, to, say, their USB keys, and then take those backups to
their friendly neighborhood hacker, who now has a pretty good picture of the
security configuration of their AD environment (in the worst case scenario,
that is).
So bottom line is that I think its a good idea, for the reasons I've
mentioned and probably a few others, that GPMC will not ship in the OS and
will require some kind of separate administrative install.
</quote>
The GPOGUY-- Group Policy Blog: GPMC not part of Vista, SP1:
http://sdmsoftware.com/blog/2007/08/gpmc_not_part_of_vista_sp1.html
There is no 'official' release date for the RSAT tools, but they have stated
that it will 'any day now'.
Keep an eye on this webpage for the latest info.
Windows Server Division WebLog:
http://blogs.technet.com/windowsserver/default.aspx