Archive for the ‘News’ Category.
With yet another release of Windows (seems like it was only last year… errr… wait), Microsoft has also released a new version of the remote server admin tools (a.k.a. RSAT). RSAT allow you to install the tools needed to manage your servers from a Windows 8.1 computer.
You might not think you need the RSAT installed as you are just remote desktop of the server you want to configure when needed to perform changes. Needless to say always logging onto a server to configure it is generally poor practice as it can lead to system stability issues. Once you install the tools on your PC you can use them to remotely perform these configuration without even having to logon to the server. This is even more practical now as all of the new tools are written via PowerShell meaning they can be run remotely against servers just as effectively as on the local machine.
Of course the real reason why you want the RSAT tools install on your computer it so you can run the latest version of the Group Policy Management Console (a.k.a. GPMC).
Tip: Always edit group polices using the latest version of GPMC as this will support all the features and cause the least amount of compatibility issues. As an example you might have noticed that there is no Internet Explorer 11 Group Policy Preferences however the IE10 GPP does support IE11 in the new revision. In fact I talk about this in detail in my TechEd New Zealand session where I show that the version checking for IE 10 group policy preferences now check for version 10 to version 99.
As with the previous version of the Remote Server Admin Tools Microsoft will also be automatically installing all the tools once the Windows Update is applied..
NOTE: In this release of Remote Server Administration Tools, all tools are enabled by default. There is no need to open Turn Windows features on or off in Windows 8.1, and enable the tools that you want to use.
Downloat RSAT Link http://www.microsoft.com/en-us/download/details.aspx?id=39296
The Group Policy Search Engine is a great web site that has all the different version of Microsoft Group Policy ADMX files that allows you to easily and quickly search for the policy setting. This site is one I use very frequently especially and is a must have bookmark for any Group Policy Administrator.
Well, Stephanus from Microsoft who maintains the web site has just loaded the Windows 8.1 and Windows Server 2012 R2 policy setting meaning you can now look up all the new policy setting in the latest version of Windows.
So check out the new 8.1 settings at http://gpsearch.azurewebsites.net/
Microsoft has just released the RTM version for people who have MSDN or TechNet subscriptions of Windows 8.1 and Windows Server 2012 R2 (see http://blogs.technet.com/b/windowsserver/archive/2013/09/09/attention-technet-and-msdn-subscribers-windows-server-2012-r2-available-for-download-today.aspx). The really great new about this release is that there are a few new Group Policy setting, most notably NATIVE support for IT Administrators to configured boot to desktop.
The setting name is called “Go to the desktop instead of Start when signing in or when all the apps on a screen are closed” and can be found under the User Configuration > Policies > Administrative Templates > Start Menu and Taskbar. Certainly Microsoft has gone out an made the policy setting name a bit long but I am sure it will become to be know as the “Boot to desktop” group policy setting.
Its pretty simple to implement just check the “enable” option and apply the policy to all your Windows 8.1 accounts and they will go straight to the desktop when they logon.
So there you have it you can natively configure your users computers so they can boot straight to the desktop using fully supported group policy settings. Is this a feature that has been sorely missed? do you think organisation will configured this by default for there 8.1 rollouts? let me know what you think in the comments below.
As I briefly mention in my previous blog post about Group Policy Caching (http://www.grouppolicy.biz/2013/07/group-policy-caching-in-windows-8-1/) both Group Policy Preferences Drive Mappings and Disk Quotas are no longer processed as a Synchronous policy setting. But what does this exactly mean….
Put simply Drive Mappings (and Disk Quota) policy settings will now apply in the background for the users without them having to reboot or log off their computers. This mean you can now update users drive mappings dynamically in background without them ever have to log off… Sounds great but how does this work in practice? Glad you asked…
Before…. No drive mapping…
After the next background policy update (or manual “GPUPDATE”) then… TADA, the Drive Mapping has appeared.
An interesting side affect of making this policy setting a background asynchronous setting is that it reduces the need for a computer to process a Foreground Synchronous policy refresh. Meaning it is less likely that you will encounter the performance issues over slow WAN link that Group Policy Caching improvement addresses. So… Not only has made Group Policy Synchronous much faster they have greatly reduced the likeliness of it ever happening in the first place.
WARNING: As of the Windows 8.1 Preview if you set a drive mapping to “Remove” or “Replace” it will forcefully disconnect the drive and close any open files you have to that location.
Another new feature of Group Policy in Windows 8.1 is the ability for it to now cache Group Policy to improve performance when processing synchronous policy settings. Now before you say Windows 8 already starts REALLY FAST how can this make it any faster, this caching only really kicks in some very specific fringe cases. Specifically it improves performance when you computer is connected via a high latency link (e.g. WAN) to the domain controller.
To under stand how much of improvement this will give you need to be aware that each GPO download from the domain controller required 5 LDAP queries all of which have to happen in serial. This means if you have one GPO on a 200ms latency WAN link then a single GPO will take about 1 second to download and process. BUT… If you have a LOT of GPO’s in your organisation, say 200. This will be 1 seconds x 200 GPO’s meaning it will give you over a 3 minute delay at logon.
Tip: This is why it is always a good idea to try to keep the number of GPO’s you have apply to your computers to a reasonable number.
As I mentioned before this slow logon is a bit of a fringe case and unless your network is initialised while the computer is starting (e.g. Wired LAN or Enterprise WiFi) you are not likely to see this issue. But for those who are affected, this can represent a significant saving in logon speed performance when computers start up after you next change a GPO with a synchronous policy setting.
In case you were wondering the only policy setting that are now synchronous in Windows 8.1 are Software Installation and Folder Redirection. Previously Drive Mappings and Disk Quotas were sync settings but they have not been made async meaning they can apply in the background.
For a more in-depth look at this feature also check out Darren Mar-Eila blog post at http://sdmsoftware.com/group-policy-blog/group-policy/understanding-group-policy-caching-in-windows-8-1/