Group Policy Resources for Windows 10 build 1709

Windows 10 a.k.a. Redstone 3, a.k.a. 1709 a.k.a. Fall Creators Update has now been released to the public for download. If you would like to get a copy of the new version early to start testing you can download the PRO version using the Windows 10 ISO/USB download tool at https://www.microsoft.com/en-au/software-download/windows10 . Alternatively, you can download the images from your MSDN or Volume licencing web site.

Now normally, with any release of Windows 10 I would go though the new list of Group Policy features. But in this new version of Windows 10 there is no new major (or minor) Group Policy engine changes. This meaning that the delivery mechanism of Group Policy has not changed.

But of course, there are many new settings that come with every new version of Windows. So for your easy reference, below is a list of essential reference for any Group Policy Administrator:

  • Group Policy Settings Reference for Windows and Windows Server – This is a spreadsheet with that list all the new, updated or replaced Group Policy setting in the 1709 build. Just for the record, there is 55 new Group Policy setting in 1709 which you can find easily in this spreadsheet. You can download this spreadsheet here https://www.microsoft.com/en-us/download/details.aspx?id=25250&751be11f-ede8-5a0c-058c-2ee190a24fa6=True .
  • Administrative Templates (.admx) for Windows 10 Fall Creators Update (1709) – This is a downloadable version of the updated ADMX and ADML files that are used to define the new Group Policy settings (See above point). If you already have a copy of Windows 10 1709 installed then you can find these files in the C:\Windows\PolicyDefenitions folder. In the past, you could blindly copy the ADMX/ADML files of the new version of the OS with the old version of the OS but since Windows 10 1703 some of the old policy settings have been removed. This would not cause anything to break, but it might show up as undefined setting the Group Policy Management Console when viewing GPO reports. You can get these files from https://www.microsoft.com/en-gb/download/details.aspx?id=56121
  • Remote Server Admin Tools – Yes… Yet another new version of the Remote Server Admin Tools (a.k.a. RSAT) has been released for the Windows 10 1709. These tools are essential for anyone performing admin work with a new version of Windows 10 or Windows Server 2016 in their environment. Generally, I always recommend that any Group Policy Administrator upgrade their RSAT tools to the latest version ASAP. However, I would note that the Windows Server 2016 1709 release of Windows it is *ONLY* available as a Server Core image (see https://docs.microsoft.com/en-us/windows-server/windows-server) . This means that if you are going to install the latest version of Windows Server 2016 then these new admin tools are essential as there is no GUI option to install on the server.
  • Security baseline for Windows 10 “Fall Creators Update” – The new 1709 security templates have been added to the Microsoft Security Compliance Toolkit . These provide updated guidance and group policy settings that Microsoft recommends are applied to all new Windows 10 computers. The new settings in this security template all revolve around new 1709 features and details of these changed can be viewed here Security baseline for Windows 10 “Fall Creators Update” (v1709) – FINA
  • SMB1 Off by Default – While not a Group Policy specific change I think it is important to note that there are new ADMX setting (see above) that do have have a way to SMB1 client and server protocols. These are especially important as SMB1 is https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-windows-10-and-windows-server-version-1709 disabled in 1709 by default (in some circumstances). If you have not already disabled SMB1 then definitely something to look at ASAP and Microsoft has also published an SMB1 Clearing House list (a.k.a. name and shame list) of vendors that still required SMB1 see SMB1 Product Clearinghouse

4 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *