I have been recently writing a Group Policy Course and have looked at in some detail the Group policy Best Practise Analyzer. I must admit I had let this pass me by a bit. It was released by us Last August 2007, with not much of a Fanfare. But I would strongly encourage you to add it to your toolbox for tackling and troubleshooting Group Policies. See details about it below;
Group Policy Best Practise
You can use the Microsoft Group Policy Diagnostic Best Practice Analyzer (GPDBPA) tool to collect data about an environment's Group Policy configuration. For example, you can use this tool to analyze a Group Policy configuration for the following purposes:
•To search for common configuration errors
•To discover and to diagnose problems
•To collect data for archiving
The account that you use to run the tool must have the appropriate permissions to access both the Active Directory database on an environment's domain controllers and the SYSVOL file structure that is maintained on those domain controllers. Additionally, the account must have local Administrator permissions on the Group Policy client.
There are two additional prerequisites for using the GPDBPA tool:
The Microsoft .NET Framework version 1.1 or a later version must be installed on the computer on which the GPDBPA tool is installed.
The Windows Management Instrumentation (WMI) service must be running on the environment's domain controllers.
The GPDBPA tool is an automated health-check and troubleshooting tool. The tool is written in the C# language, and it collects configuration settings. The tool also performs tests against the Group Policy configuration of an environment. After the tool collects these test results in an XML output file, rules are then applied to the data that is collected in this file. Any differences between these rules and the data that is collected are highlighted
The GPDBPA can provide information to help you respond to situations such as:
· Policy settings are not being applied as expected.
· A feature is not functioning as expected. (For example, a mapped drive is not visible on client computers.)
· A computer has:
· Stopped responding during logon or startup.
· Restarted during logon or startup.
· Experienced delays during logon or startup.
· You need to determine whether:
· Policy settings are configured in a way that poses a security risk.
· Necessary services are running.
· You are connecting over a slow link.
· Loopback mode is in effect.
Using the GPDBPA, you can scan the Group Policy configuration on either a client computer (managed node) or domain controller, and view a report of potential issues. Additionally, you can schedule a scan to run at a future time, or schedule scans to run on a recurring basis.