Group Policy Preferences Simplify Domain Management

Brian St. Marie - Sr. Systems Engineer

Group Policy has been a standard element of domain management since Windows 2000 Server over a decade ago.  However, Group Policy hasn't always kept up with the changes in desktop operating systems, limiting the amount of control network administrators can maintain over client machines.

That all changed with the introduction of Group Policy Preferences, introduced with Windows 2008 Server.  By using GPP technology, Windows 2008 Server allows much more extensive control of client systems than ever before.  Essentially anything that can be configured through the Control Panel of the client system can now be controlled through a Group Policy Object.  But GPP is not limited to just Control Panel options.  Administrators can now install printers (both local and network), map network drives without using ancient DOS-based batch scripts, modify registry entries, install applications, and control folders and files all from a simple Group Policy interface.  And best of all, each of these features can be easily targeted to specific users, computers, or groups through a simple to use GUI.  Yes, you can now easily control which users are assigned which network drives or printers right from a Group Policy without having to use cumbersome and buggy logon scripts!

Unfortunately, because GPP was introduced with Windows 2008 Server, it does not support clients older than Windows Vista out of the box.  However, there is a small patch available from Microsoft (http://www.microsoft.com/download/en/details.aspx?id=3628) which enables support for GPP on Windows XP SP2 and SP3 machines.  This patch can be easily deployed across a network using any typical patch deployment software platform.  My personal favorite tool for doing this is PDQDeploy (http://www.adminarsenal.com/pdq-deploy/main/), which is an excellent, free utility.

Group Policy Preferences completely revolutionize network administration and management for Windows-based networks.  However, it is still extremely common to see older-style GPOs and custom logon scripts being used at companies of all sizes even today.  This results in unnecessary instability and difficulty in management for many networks.  If you're concerned that your network may not be utilizing the powerful new features of Windows 2008 Server such as GPP, Contact Us today and one of our engineers will be more than happy to review your network infrastructure with you.