Archive for the ‘News’ Category.
The Group Policy Search Engine is a great web site that has all the different version of Microsoft Group Policy ADMX files that allows you to easily and quickly search for the policy setting. This site is one I use very frequently especially and is a must have bookmark for any Group Policy Administrator.
Well, Stephanus from Microsoft who maintains the web site has just loaded the Windows 8.1 and Windows Server 2012 R2 policy setting meaning you can now look up all the new policy setting in the latest version of Windows.
So check out the new 8.1 settings at http://gpsearch.azurewebsites.net/
Microsoft has just released the RTM version for people who have MSDN or TechNet subscriptions of Windows 8.1 and Windows Server 2012 R2 (see http://blogs.technet.com/b/windowsserver/archive/2013/09/09/attention-technet-and-msdn-subscribers-windows-server-2012-r2-available-for-download-today.aspx). The really great new about this release is that there are a few new Group Policy setting, most notably NATIVE support for IT Administrators to configured boot to desktop.
The setting name is called “Go to the desktop instead of Start when signing in or when all the apps on a screen are closed” and can be found under the User Configuration > Policies > Administrative Templates > Start Menu and Taskbar. Certainly Microsoft has gone out an made the policy setting name a bit long but I am sure it will become to be know as the “Boot to desktop” group policy setting.
Its pretty simple to implement just check the “enable” option and apply the policy to all your Windows 8.1 accounts and they will go straight to the desktop when they logon.
So there you have it you can natively configure your users computers so they can boot straight to the desktop using fully supported group policy settings. Is this a feature that has been sorely missed? do you think organisation will configured this by default for there 8.1 rollouts? let me know what you think in the comments below.
As I briefly mention in my previous blog post about Group Policy Caching (http://www.grouppolicy.biz/2013/07/group-policy-caching-in-windows-8-1/) both Group Policy Preferences Drive Mappings and Disk Quotas are no longer processed as a Synchronous policy setting. But what does this exactly mean….
Put simply Drive Mappings (and Disk Quota) policy settings will now apply in the background for the users without them having to reboot or log off their computers. This mean you can now update users drive mappings dynamically in background without them ever have to log off… Sounds great but how does this work in practice? Glad you asked…
Before…. No drive mapping…
After the next background policy update (or manual “GPUPDATE”) then… TADA, the Drive Mapping has appeared.
An interesting side affect of making this policy setting a background asynchronous setting is that it reduces the need for a computer to process a Foreground Synchronous policy refresh. Meaning it is less likely that you will encounter the performance issues over slow WAN link that Group Policy Caching improvement addresses. So… Not only has made Group Policy Synchronous much faster they have greatly reduced the likeliness of it ever happening in the first place.
WARNING: As of the Windows 8.1 Preview if you set a drive mapping to “Remove” or “Replace” it will forcefully disconnect the drive and close any open files you have to that location.
Another new feature of Group Policy in Windows 8.1 is the ability for it to now cache Group Policy to improve performance when processing synchronous policy settings. Now before you say Windows 8 already starts REALLY FAST how can this make it any faster, this caching only really kicks in some very specific fringe cases. Specifically it improves performance when you computer is connected via a high latency link (e.g. WAN) to the domain controller.
To under stand how much of improvement this will give you need to be aware that each GPO download from the domain controller required 5 LDAP queries all of which have to happen in serial. This means if you have one GPO on a 200ms latency WAN link then a single GPO will take about 1 second to download and process. BUT… If you have a LOT of GPO’s in your organisation, say 200. This will be 1 seconds x 200 GPO’s meaning it will give you over a 3 minute delay at logon.
Tip: This is why it is always a good idea to try to keep the number of GPO’s you have apply to your computers to a reasonable number.
As I mentioned before this slow logon is a bit of a fringe case and unless your network is initialised while the computer is starting (e.g. Wired LAN or Enterprise WiFi) you are not likely to see this issue. But for those who are affected, this can represent a significant saving in logon speed performance when computers start up after you next change a GPO with a synchronous policy setting.
In case you were wondering the only policy setting that are now synchronous in Windows 8.1 are Software Installation and Folder Redirection. Previously Drive Mappings and Disk Quotas were sync settings but they have not been made async meaning they can apply in the background.
For a more in-depth look at this feature also check out Darren Mar-Eila blog post at http://sdmsoftware.com/group-policy-blog/group-policy/understanding-group-policy-caching-in-windows-8-1/
As your probably know the world facing an IP Apocalypse and as such sooner of later we will all have to start embracing IPv6 weather we like it or not. While Windows has supported IPv6 natively for many years now Microsoft has been slowly chipping away at IPv6 support for many of its other products. Well the good news is that Group Policy Preferences in Windows 8.1 / Server 2012 R2 now allows you to target Group Policy Preferences using IPv6 addresses.
To enable this new feature all you need to do it check “Use IPv6” in the IP Address Range Item Level Targeting feature.
As soon as you do this the IP Address range is then change to the IPv6 format allowing you to now target Group Policy Preferences to IPv6 address ranges.
And in case you have a mixed IPv4 / IPv6 rollout you can mix the types within the same targeting rule…
Update: Here are some more Group Policy Preferences that have been updated to support IPv6.
TCP/IP Printer IPv6 Support
VPN IPv6 Support
For more great IPv6 related news I would follow Ed Horley on twitter or check out his web site at http://www.howfunky.com/