Using Edge in the Enterprise – Ignite Australia 2017

This is a video of the Using Edge in the Enterprise session I did at Ignite Australia 2017. This session covers the recent improvements in Edge in Windows 10 and how the new Group Policy features can enabled it to be used in the Enterprise.

I also cover some of the new features such as Favourite Synchronisation and Windows Defender Application Guard that will be coming out soon to sandbox the Edge process for improved security.

How to synchronise Internet Explorer Favourites with Edge

In the latest release of Windows 10 insider preview (Build 15002) there is a new policy setting added that allows you to sync the IE Favourites with Edge. This policy setting allow you as an IT administrator to not have to setup the browser favourites in multiple locations thus reducing duplication of effort.

Previously you may have had Group Policy Preferences Shortcuts configured to manage the IE Favourites (see below).

image

However, this only configured the Favourites in IE and not Edge.

image

It was possible to configured Edge Favourites however this was a separate policy setting called “Configure Favourites”.

image

However this still meant that you needed to maintain a separate Favourites List for each browser which normally meant a double of up settings changes when ever they needed to be updated.

image

So to remove the need to duplicate Favourite configuration when starting to use Edge, the new policy setting enables the feature to sync favourites called “Keep favourites in sync between Internet Explorer and Microsoft Edge”

image

And once enabled you now have all the IE Favourites appear in the Edge browser in almost real time during the next Group Policy updated.

image

Tip: As of this build it appear that this policy does preserve the current Edge configured Favourites, but if you deleted these they do not come back.

Updated Group Policy Health Reporter

The post Updated Group Policy Health Reporter appeared first on SDM Software | Configuration Experts.

Happy New Year Everyone! I hope everyone made it safely through the holidays. To start off 2017, we’ve been working to update some of our existing freeware tools. The first beneficiary of that work is our Group Policy Health Reporter utility, now at version 1.9 (see screenshot):

Group Policy Health Reporter 1.9

Group Policy Health Reporter 1.9

This new version fixes issues we had reporting against Windows 10 and Server 2016, upgrades the utility to 64-bit, upgrades the required .Net Framework version to 4.0 and cleans up a weird issue that seems to have been introduced at some point in Windows 7 and 2008-R2.

Namely, one of the pieces of information we return is the list of GPOs that have been processed by a computer or user, and those corresponding Group Policy Container (GPC) and Group Policy Template (GPT) versions. The idea here is that, in the days of NTFRS SYSVOL replication, you often got into scenarios where the AD part of the GPO replicated to DCs at a different rate (or sometimes not at all!) than the SYSVOL part–resulting in GPOs being incorrectly processed by some clients. Health Reporter has always called out this difference as a potential problem, by mining information in the client’s registry under HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy. However, at some point Windows 7 and 2008-R2 stopped properly updating the GPT version in that registry metadata–always reporting it as ‘FFFF’, which means that the GPT version couldn’t be resolved. This led to false positives in GP Health Reporter that were annoying at best. So we’ve essentially now cleaned that up so that these errors don’t get flagged for Windows 7 and 2008-R2 target systems. Not a perfect solution, since you could still have SYSVOL replication issues that could be completely legitimate, but for now, at least a partial solution.

And of course, if you need a more full-featured, enterprise-strength GP reporting solution that remotely grabs GP health and even SETTINGs from your Windows systems, our commercial Group Policy Compliance Manager is your solution!

Enjoy!

Darren Mar-Elia

The post Updated Group Policy Health Reporter appeared first on SDM Software | Configuration Experts. from SDM Software | Group Policy Management & Administration Tools http://ift.tt/2jrMAuW via IFTTT

How to use Group Policy to configure the Taskbar in Windows 10

In release 1607 of Windows 10, Microsoft has now introduced a way to configured the Windows 10 taskbar using Group Policy. This feature allows Group Policy administrator to now add or replace the application that appear on the taskbar. This actually is the first time since Windows Vista that a Group Policy administrator has been able to configure the taskbar for a user. Before this you could only configure it by modifying the default users profile, but user would then be able to remove and reconfigured the taskbar however they wanted.

To implement this feature you need to first create an XML file that has the required configuration information. This is actually just an addition to the same XML file you might already have deployed to configure your start menu. In fact the policy setting to apply the taskbar settings is the exact same “Start Layout” policy setting under “Users\Administrator Templates\Start Menu and Taskbar” that was introduced in Windows 8.1.

image

Once you have configured the XML then save it to a network share that has “Authenticated Users” read permission and then point the policy setting to use the XML file you saved at this location.

Below is an example XML that will apply Paint, Microsoft Mail and Command Prompt to the taskbar.

<?xml version=”1.0″ encoding=”utf-8″?>
<LayoutModificationTemplate
xmlns=”http://schemas.microsoft.com/Start/2014/LayoutModification”
xmlns:defaultlayout=”http://schemas.microsoft.com/Start/2014/FullDefaultLayout”
xmlns:start=”http://schemas.microsoft.com/Start/2014/StartLayout”
xmlns:taskbar=”http://schemas.microsoft.com/Start/2014/TaskbarLayout”
Version=”1″>
<CustomTaskbarLayoutCollection>
<defaultlayout:TaskbarLayout>
<taskbar:TaskbarPinList>
<taskbar:DesktopApp DesktopApplicationLinkPath=”%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk” />
<taskbar:UWA AppUserModelID=”microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail” />
<taskbar:DesktopApp DesktopApplicationLinkPath=”%appdata%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk” />
</taskbar:TaskbarPinList>
</defaultlayout:TaskbarLayout>
</CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>

As you can see the Microsoft Windows Live Mail is a Universal Windows Application, if you want to pin another UWA like this you can pin it to your start menu and then use the “Export-StartLayout” PowerShell command to get the exact AppUserModelID value for the app you want to pin.

So now you have the XML you want to use and you want to apply it simply configured and apply the “Start Layout” policy (as per above) to the user and they will now get the apps pin’d to the taskbar next time they logon.

image

Note that even though you have added the pinned items to the taskbar you should be aware that they can still un-pin these items. Unlike other policy settings however, they will not come back after the next Group Policy refresh. Instead they will only come back once the XML modification date is changed. The easiest way to do this is to simple open then XML configuration file on the central server and then just save the un-modified file. Note: This feature does not allow you to remove the “Cortana” and “Task View” items using this feature.

For more information about this feature including a complete breakdown of the XML schema check out https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-10-taskbar

Remote Server Admin Tool out now for Windows 10

Every time Microsoft releases a new Windows client OS they also release the Remote Server Admin Tools for the client OS and as expect they have done this again for Windows 10 1607. In case you don’t know what Remote Server Admin Tools (a.k.a. RSAT) is, its the full sweet of admin tools that you would normally have available on a Windows Server but packaged to be installed on the client OS. This is a essential for anyone who manages servers as it is important to be able to manage you serves remotely. This is of course particularly important as Windows Server 2016 by default, does not install the GUI thus making this tool not only important but essential.

Of course, one of the tools that is part of this update file is the Group Policy Management Console and as always recommended, its best to use the latest version of the GPMC when editing Group Policy Objects.

So if you do any GPO editing in your environment and you are running Windows 10 then go download it now at  https://www.microsoft.com/en-us/download/details.aspx?id=45520