Chapter 6: Operations


The Operations Role focuses on the daily computer operations necessary to run the business. Operations roles include messaging, system administration, telecommunications, networking, and database administration.

For a desktop service, the responsibilities of the Operations Role include:

  • Desktop and application administration and maintenance, including:
    • Software updates
    • Backup and restoration
    • Remote storage
    • Profile management
    • Desktop performance management
  • Managing account and system setup controls.
  • Creating and managing user accounts and permissions.
  • Managing desktop firewall profiles.
  • Managing Group Policy objects (GPOs).

Managing Group Policy Using Windows Vista


At the Operations Review meeting, Kevin Cook, Woodgrove's Security Administrator, raises concerns about the lack of desktop control. Recent network performance problems were traced to a number of user-caused issues, including the load from audio and video streaming by users and spyware found on local computers. Kevin asks Linda Mitchell, Woodgrove's Desktop Configuration Manager, how they can better control the software used by end users. Linda has learned that Group Policy can be used to restrict software downloads and control security. She tells Kevin that she will investigate how Group Policy can be used to help address his concerns.

Group Policy enables centralized desktop management, thereby decreasing the total cost of ownership (TCO). By defining policy settings and actions allowed, Group Policy helps increase both user productivity and security. With Windows Vista, the number of Group Policy settings has significantly increased, with over 700 new policies to help manage desktops, security, and all other aspects of running the network.

Group Policy is used to define specific configurations for groups of users and computers by creating Group Policy settings. These settings are specified through the Group Policy Object Editor and contained in a Group Policy object (GPO), which is in turn linked to Active Directory containers, such as sites, domains, or organizational units (OUs). In this way, Group Policy settings are applied to the computers in those Active Directory containers, which allow the users to configure their work environment once and rely on Windows Vista to enforce the policy settings they have defined.

Group Policy can be used to define the following settings:

  • Registry-based policy settings
  • Security settings
  • Software restrictions policy settings
  • Software distribution
  • Computer and user scripts
  • Folder redirection
  • Internet Explorer maintenance

Windows Vista includes the following new functionalities:

  • Integrating Group Policy Management Console.
  • Deploying power management settings.
  • Restricting device access.
  • Improving security settings.
  • Expanding Internet Explorer settings management.
  • Assigning printers based on location.
  • Delegating printer driver installation to users.

For a complete list of Group Policy settings available in Windows Vista, see Group Policy Settings Reference Windows Vistaat


After doing a little research, Linda puts together a proposal and shares it with both Kevin Cook from Security and Ray Chow from Infrastructure. In her plan, she proposes moving users to a managed desktop solution, where they will not have permission to install applications. Instead, all approved software will be published to users for installation through the Programs and Features Applet in Control Panel. By limiting the applications in the environment to only those that have been tested and approved, the performance and security issues caused by unapproved software in the current environment will be eliminated. Both Kevin and Ray are excited about this approach and agree to begin gathering the architecture and security requirements needed to implement the managed desktop solution. Linda agrees to get the proposed GPO changes added to next month's Change Initiation Review meeting. She looks to the guidance for more information on Group Policy tools that will aid in making the proposed GPO changes and finds information on Group Policy Object Editor and Group Policy Management Console.

Group Policy Object Editor is a Microsoft Management Console (MMC) snap-in used for configuring and modifying Group Policy settings within a single GPO. Each Windows Vista operating system has one or more Local Group Policy objects (LGPOs). The policy settings are applied to the LGPO manually with the Group Policy Object Editor or through scripts.

Figure 6.1. Group Policy Object Editor

Group Policy Management Console (GPMC) is a comprehensive administrative tool for Group Policy management. GPMC comes with the Windows Vista operating system.

Figure 6.2. Group Policy Management Console

Windows Vista introduces a new format for defining registry-based policy settings. Registry-based policy settings (located under the Administrative Templates category in the Group Policy Object Editor) are defined using a standards-based, XML file format known as ADMX files. These new files replace ADM files, which used their own markup language. One of the key benefits of ADMX files is the support for multilingual environments, which are not easily implemented with ADM files. The Group Policy tools—Group Policy Object Editor and Group Policy Management Console—remain largely unchanged except that they have the ability to read the new ADMX files. In the majority of situations, you will not notice the presence of ADMX files during your day-to-day Group Policy administration tasks.

To Apply Group Policy settings from Windows XP to Windows Vista

  1. Upgrade the Group Policy administrators' workstations to Windows Vista. All Group Policy management will now be done from the computers running Windows Vista.

  2. (Optional) Create a Central Store on SYSVOL for each Active Directory Primary Domain Controller (PDC), where Group Policy is managed by administrators running Windows Vista. Populate the Central Store on each PDC with ADMX/ADML files from the Group Policy administrator's Windows Vista workstation. For more information, see the Managing Group Policy ADMX Files Step-by-Step Guide at

  3. Create new GPOs (or update the existing GPOs) to include the new Windows Vista Group Policy settings.

    Note You may want to link these GPOs to the OU that will contain new Windows Vista domain-joined workstations.
    Note** In rare cases, you may need to extend the Active Directory schema to accommodate the new settings.

  4. Deploy Windows Vista workstations per the deployment project.

    Note New or updated GPOs will apply toWindows Vista workstations as appropriate.

Any decision to roll out or modify GPOs should follow Change Management and Release Management best practices:

  • A Change Initiation Review should be held to determine the practicality, feasibility, and justification in terms of business, IT operations, and security.
  • The GPO should undergo thorough testing in a test or pilot environment.
  • The proposed GPO change should then be presented at a Release Readiness Review for a final go/no go decision.
  • The GPO should be released, following Release Management best practices.

Table 6.1. Key Inputs and Outputs in Managing Group Policy




Architecture Plan

Security Policies

Operations Guide

Upgrade the Group Policy administrators' workstations to Windows Vista

Create a Central Store on SYSVOL for each Active Directory PDC

Create new GPOs

Deploy Windows Vista-based workstations

Entries into the Operations Calendar

Entries into the Service Desk Knowledge Base

Exhibit 6.1. Sample Daily Activity Log for Critical Windows Vista Desktops

Access this content as part of the WVSLM download package.

Exhibit 6.2. Sample Weekly Activity Log for Critical Windows Vista Desktops

Access this content as part of theWVSLM download package.

Exhibit 6.3. Sample Monthly Activity Log for Critical Windows Vista Desktops

Access this content as part of the WVSLM download package.


Linda and Kevin agree that managing Woodgrove's desktops through GPOs is efficient, as long as overall IT governance strategy is in place and policy decisions are made official through proper procedure.

This governance strategy should be shaped by representatives from each of the roles, and decisions should be based on:

  • Optimizing business functionality.
  • Streamlining operations and support.
  • Maintaining necessary infrastructure and security.

The following critical success factors (CSFs) and key performance indicators (KPIs) should be tracked to measure the success of these tasks.


  • All Group Policy changes should follow the organization's Change Management, Release Management, and Configuration Management processes.
  • Group Policy objects should be designed to minimize the number of manual steps needed by IT Operations.
  • All Group Policy decisions should be driven by IT governance and optimize business functionality while maintaining infrastructure and security concerns.
  • All GPOs should be thoroughly tested in a test environment to ensure predictability before being implemented into the production environment.
  • A plan for determining who will own maintenance of the GPO and a process for requesting maintenance (such as adding a new employee) should be well documented and communicated.


  • Number of GPO releases that cause unplanned downtime.
  • Number of incidents that are caused by GPO settings.
  • Number of minutes/month spent on GPO maintenance.
  • Number of minutes/month spent on manual configuration of security settings.
  • Number of minutes/month spent on manual configuration of registry settings.
  • Number of minutes/month spent on manual software distribution.

Technical Guidance

Remote Storage and Backup Using Windows Vista


In today's daily review meeting, Neil Orint, Woodgrove Bank's IT Manager, mentions that he got a call last night from the Director of Finance in the Chicago Regional Hub. Apparently, her computer's hard drive died last night and she lost a critical financial spreadsheet that she had been storing on her laptop. At this point, it looks like it will be difficult to fully recover the data. Neil explains that his IT staff currently has an excellent server storage and backup solution in place and plans to implement a desktop backup solution to safeguard against such critical data loss, using the Windows Vista new Backup and Restore Center. Linda has researched this new Windows Vista feature and can report that it has a more robust storage and backup solution for desktops. Linda takes an action item to investigate how to use these Windows Vista capabilities and implement them as part of the Windows Vista desktop service deployment.

The Windows Vista Backup and Restore Center allows you to automate remote backup storage and restore on Windows Vista-based computers to protect data on end-user computers from user error, hardware failure, and other problems. Backups can be pre-scheduled to run automatically without user interaction. Also, the simple Windows Vista recovery wizard can be used to restore files on the entire computer and can even be used to restore an image to a new computer.

Backup and Restore Center

Figure 6.3. Backup and Restore Center

From the Backup and Restore Center, specific file types can be backed up, including documents, e-mail, and compressed files, as well as music and videos. Additionally, a full computer backup can be executed. Backups can be stored either locally or on the network and can be scheduled through the Backup and Restore Center.

Figure 6.4. Scheduling Window in Backup and Restore Center

Likewise, data can be restored, either by specific file types or as a full computer restore through the use of a simple restore wizard.

In the past, IT groups have had limited ability to manage the storage and recovery of data on user computers. Now with Windows Vista, IT can control and schedule regular backups of user computers through Group Policy, ensuring that valuable data is not lost.

Before implementing a program of remote backup and storage of desktops, a number of decisions must be made and documented in the service level agreement (SLA):

  • What types of data should be backed up?
  • Which computers should be included in the remote backup process?
  • How frequently should the backups occur?
  • How quickly can data be restored? Consult with:
    • The Infrastructure group. Validate the design and implementation of the backup and storage solution. Analyze the network bandwidth and storage capacity to ensure the existing infrastructure is capable of handling the added workload.
    • The Service Desk group. To ensure that they have the proper training to perform data restores and can meet the service level targets for data restore times as documented in the SLA.


Linda decides the best approach is to use Group Policy to automatically schedule network backups for critical computers. She meets with Ray to discuss the feasibility of the proposal and determine the impact it might have on network bandwidth and storage capacity. Next she sets up a meeting with the business liaisons to discuss what the business requirements would be for network backup and storage. She invites Phil Spencer from the help desk to attend the meeting to make sure that the help desk will be able to achieve the restore time targets proposed by the business. Once the targets are agreed to and documented in the service level agreement (SLA), Linda adds the proposed change to next month's Change Initiation Review meeting.

Table 6.2. Key Inputs and Outputs in Managing Remote Storage and Backup



  • Architecture Plan
  • Operations Guide
  • SLAs
  • Operating Level Agreements (OLAs)

  • SLA and OLA updates
  • Entries into the Service Desk Knowledge Base

Critical Success Factors and Key Performance Indicators

The following critical success factors (CSFs) and key performance indicators (KPIs) should be tracked to measure the success of these tasks.


  • Desktop backup and restore policies are defined based on business need and infrastructure capacity.
  • Service Desk staff is properly trained to perform backup and restore procedures.
  • All infrastructure changes relating to backup and restore procedures follow the organization's Change Management, Release Management, and Configuration Management processes.


  • Percentage of successful backup attempts.
  • Percentage of restores occurring within SLA-defined time frame.
  • Number of restore requests/month.
  • Percentage of successful restores.
  • Percentage of available storage capacity used for desktop backup and storage.

Operations Review


With the pilot SLA and OLA in place, Linda's next task is to measure success and continuously refine what those targets should be. In order to achieve this, Linda decides to host a monthly Operations Review meeting. This meeting will be used to review the KPIs and metrics defined in the Desktop Service SLA and OLAs and to drive a plan for continuous improvement.

The Operations Review is used to evaluate significant milestones in the Desktop Service life cycle. This review is designed to assess the effectiveness of the Desktop Service's internal operating processes. Schedule this review periodically throughout the pilot program (and full-scale deployment program if a pilot is not used) to monitor and measure operations against previously set indicators. Key areas for review include:

  • Desktop service IT staff performance
  • Operational efficiency
  • Personnel skills and competencies
  • OLAs

Operations Review Process

Follow the steps in the following sections to perform an Operations Review.

Figure 6.5. Operations Review Process

Step 1. Plan for Review

Select the Review Team Lead

The appropriate person to serve as the Team Lead is the Desktop Service operations manager.

The Team Lead sets the following review parameters:

  • Identify who should attend the Operations Review:
    • Desktop Service IT operations management team
    • Service managers responsible for desktop service
    • Operations or system management teams defined by OLAs
  • Define technology and scope.
  • Set review date, time, and location.

As part of the meeting agenda, each metric to be reviewed must be assigned an owner who is a subject matter expert for that metric.

Define Meeting Purpose

The purpose of an Operations Review is to regularly review the metrics that measure the success of the service, as defined in the OLA, in a professional manner. Stay focused on the data. Missed targets provide an opportunity to drive improvements into the service and should not necessarily be seen as bad.The following questions should be addressed in determining the success of the service:

  • Was the target achieved for the past period?
  • Is the target trending positively or negatively?

If the target was not achieved, what are the contributing conditions?

  • What is the plan of action?
  • If a corrective plan is already in place, what is the status?
    • Can its success be demonstrated through positive trending?
    • If not, how can it be demonstrated?
Exhibit 6.4. Sample Operations Review Meeting Agenda

Access this content as part of the WVSLM download package.

Team Lead Prepares Written Agenda

The Team Lead should send to the meeting attendees an e-mail or other communication that contains a definition of the basic parameters of the SLA and the meeting agenda:

  • Previous meeting's minutes and actions.
  • Metrics for the current period.
  • Identification of next steps and actions required.

Team Lead Prepares for Review

The Team Lead or designee needs to make input documents available to the participants prior to the meetingnormally within several days of the end of the measurement period and within a week of the scheduled Operations Review.

Team Lead Confirms Inputs

The Team Lead confirms that the following inputs are available for the meeting:

  • OLA document for the desktop service.
  • Metrics and reports from the Support Role.
  • Operations guide for desktop service.
  • Actions and minutes from the previous Operations Review.

Participants Complete Pre-Work Templates

Team players use the templates as a tool to express issues, action items, and action success closure for agenda.

Step 2: Conduct the Operations Review

Meeting Format

The meeting's format may be real or virtual, as long as all the attendees have the ability to participate and the correct information can be shared.


The key deliverable from the meeting is a document detailing meeting minutes and associated actions from the review. Additional deliverables may include:

  • Requests for Change (RFCs) to the existing OLA.
  • RFCs to the desktop service.
  • RFCs to existing Operations documentation.

NoteThe Operations Calendar is a visual reminder of all upcoming daily/weekly/monthly tasks and is derived from the Operation Run Books, as well as the OLA and may be updated based on the output of the Operations Reviewmeeting notes.

Step 3: Follow Up on Review

The Operations manager should circulate the meeting minutes and associated actions promptly to all attendees of the Operations Review and also to any other interested parties. The operations manager is also responsible for coordinating the completion of any action items resulting from the Operations Review meeting.


Linda invites Ray Chow, the Infrastructure Manager, to the monthly Operations Review meeting to ensure that all desktop service policies and standards are being met and to discuss any upcoming changes in these standards that may affect the Windows Vista Desktop Service Deployment project. She also invites Phil Spencer from Help Desk Support and asks them to bring the monthly metrics and reports defined in the OLA. She decides that it would be helpful to have Kevin Cook, Woodgrove's Security Manager, also present to ensure that all security policies and standards are being met and to discuss any upcoming changes in security policy that may affect desktop service.

Exhibit 6.5. Sample Operations Review Meeting Minutes

Access this content as part of the WVSLM download package.

Linda has asked a member of her team to be present as well and take meeting minutes. In order for this meeting to be most valuable, Linda realizes that she must document any metrics that are not meeting the proposed target and put together a plan to improve these metrics. She intends to include these action items as part of the overall Desktop Service Continuous Service Improvement Plan. She also realizes that the Operations Review meeting may lead to changes in the existing SLA and OLAs and may affect the SLA Review meeting as well.

Table 6.3. Key Inputs and Outputs for the Operations Review Meeting



  • The SLA for Desktop Service
  • The OLAs for Desktop Service
  • Metrics and reports from the Support Responsibility Cluster
  • Policies and Standards for Desktop Service, as defined by the Infrastructure role

Operations Review meeting notes and action items. These action items may feed into other responsibility areas, including:

  • The SLA Review
  • The Known Error Database
  • The Service Improvement Program (SIP)
  • Desktop Service Operations Calendar

The following CSFs and KPIs should be tracked to measure the success of these tasks.


  • Ownership and roles and responsibilities identified.
  • Ongoing mandatory Operations Reviews.
  • Action items assigned ownership and tracked.
  • OLAs updated at Reviews to reflect changing business needs.


  • Percentage of meetings with 100 percent required attendance.
  • Percentage of OLA targets met.
  • Percentage of action items completed by target date.

Technical Guidance

MOF Operations Reviewwhite paper at