Last week Steven Bink got my attention with the announcement of the new Group Policy Prefences white paper on the Microsoft site. After reading the paper and a very interesting discussion with Jason Leznek, who is the product manager for this feature at Microsoft, I am sure: This is an exciting new feature in Windows! I think it actually is one of the most useful enhancements of Group Policies since its introduction in Windows 2000. And the nicest part: it will work on all currently supported versions of Windows without the need for Windows Server 2008 as a server.
What are Group Policy Preferences?
Group Policy Preferences that I will call GPP in the rest of this article, allow you to define settings from Group Policy that I used to define in logon scripts and default profiles. GPP settings are more flexible than the current Group Policies, because you can specify if settings are permanent or can be changed by the end user and you can define the scope of each setting on the setting itself. This creates the option to define multiple settings for multiple target groups within the same GPO.
Here is a list of stuff you can define with GPP:
- Drive Mappings to shares
- Creation, replacement and updating of Printers and printer connections, including the assignment of the default printer
- Creation, replacement and updating of Environment Variables
- Creation, replacement, updating and deletion of Files on the target system
- Creation, replacement, updating, deletion and cleanup of Folders on the target system
- Creation, deletion and updating individual entries in INI-Files
- Creation, deletion and updating of File Shares, including management of Access Based Enumeration
- Creation, deletion and updating of any entry in the Registry for REG_SZ, REG_DWORD, REG_BINARY, REG_MULTI_SZ, and REG_EXPAND_SZ types
- Creation, deletion and updating of Shortcuts to files, websites and Shell Objects like the Recyle Bin
Definition of all settings that you find in the Control Panel, including:
- Definition of Data Sources for ODBC
- Enabling and disabling of Devices
- Definition of Folder Options (finally no more hidden extension for "known" apps)
- Linking File Extensions to applications
- Definition of Internet Settings for Internet Explorer (5, 6 and 7)
- Configuration of Local Users and Groups
- Definition of VPN and Dial-up connections
- (Easy) definition of Power Options
- Definition of Regional Settings, including UI language and time/data formatting
- Creation, deletion and updating of Scheduled Tasks
- Configuration of Services
- Configuration of the Start Menu
This is quite a list, isn’t it? Now think of it that you can define for each setting, if the user will be able to change it and that you need NO SCRIPTING to do all this stuff!
What is needed to use Group Policy Preferences?
The administration tool for GPP is included from the November CPP build of Windows Server 2008 and in the upcoming beta of the Remote Server Administration Tools (RSAT) that will run on Windows Vista with Service Pack1.
The client side for GPP is already built in Windows Server 2008. A GPP Client Side Extension will be available for the following operating systems:
- Windows XP with Service Pack 2
- Windows Server 2003 with Service Pack 1
- Windows Vista
The GPP client side extension will be available with the upcoming beta of RSAT.
There is no need for Schema updates or changes in the configuration of Domain Controllers.
Will I be using Group Policy Preferences?
To be honest, I am almost as excited as the Microsoft PM. And I haven’t even used it yet. But I already see tons of possibilities to simplify my logon scripts and put less information in default user profiles.