Automating Windows 8.1 Configuration

  • 11/15/2013
Contents
×
  1. Understanding Group Policy preferences
  2. Configuring Group Policy preferences
  3. Managing preference items
This chapter from Windows 8.1 Administration Pocket Consultant: Essentials & Configuration introduces essential tasks for understanding and managing Group Policy preferences.
  • Understanding Group Policy preferences
  • Configuring Group Policy preferences
  • Managing preference items

Group Policy is a collection of preferences and settings that can be applied to user and computer configurations. Group Policy simplifies administration of common and repetitive tasks as well as tasks that are difficult to implement manually but can be automated. Group Policy is represented logically as an object called a Group Policy Object (GPO). Each GPO is a collection of policy settings and preferences.

Group Policy preferences, which are the focus of this chapter, enable you to automatically configure, deploy, and manage operating system and application settings, including settings for data sources, mapped drives, environment variables, network shares, folder options, and shortcuts. When you are deploying and setting up computers, you’ll find that working with Group Policy preferences is easier than configuring the same settings manually on each computer, in Windows images, or through scripts used for startup, logon, shutdown, and logoff.

In this chapter, I introduce essential tasks for understanding and managing Group Policy preferences. In upcoming chapters, I’ll show you how to put individual policy preferences to work to automate the configuration of your computers running Windows, whether you work in a small, medium, or large enterprise.

Understanding Group Policy preferences

You configure preferences in Active Directory–based Group Policy. Local Group Policy does not have preferences.

Accessing Group Policy in Active Directory

With Active Directory, each site, domain, and organizational unit (OU) can have one or more Group Policy Objects associated with it. You view and edit GPOs in the Group Policy Management Console (GPMC). On Windows-based servers, the GPMC is available as part of the standard installation. On Windows-based desktops, the GPMC is not available by default but is included in the Remote Server Administration Tools (RSAT), which can be installed on Windows-based desktops.

You can download the RSAT for Windows 8.1 by visiting the Microsoft Download Center (http://download.microsoft.com/). After you install the GPMC as part of the RSAT, you can run the GPMC from Server Manager. In Server Manager, select Tools, and then select Group Policy Management.

As shown in Figure 4-1, the left pane of the GPMC has two upper-level nodes by default: Group Policy Management (the console root) and Forest (a node representing the forest to which you are currently connected, which is named after the forest root domain for that forest). When you expand the Forest node, you find additional nodes, including:

  • Domains Provides access to the policy settings for domains in the forest being administered. You are connected to your logon domain by default; however, you can add connections to other domains. If you expand a domain, you can access the Default Domain Policy GPO, the Domain Controllers OU (and the related Default Domain Controllers Policy GPO), and GPOs defined in the domain.
  • Organizational Units Provides access to the policy settings for OUs in a related domain.
  • Sites Provides access to the policy settings for sites in the related forest. Sites are hidden by default.

GPOs found in domain, OU, and site containers in the GPMC are actually GPO links and not GPOs themselves. The actual GPOs are found in the Group Policy Objects container of the selected domain. Notice also that the icons for GPO links have a small arrow at the bottom left, similar to shortcut icons. You can open a GPO for editing by pressing and holding or right-clicking it, and then selecting Edit.

Figure 4-1

Figure 4-1 Access GPOs for domains, OUs, and sites.

After you’ve selected a policy for editing or created a new policy, use the Group Policy Management Editor to work with the GPOs. As Figure 4-2 shows, the Group Policy Management Editor has two main nodes:

  • Computer Configuration Enables you to set policies that should be applied to computers, regardless of who logs on
  • User Configuration Enables you to set policies that should be applied to users, regardless of which computer they log on to

NOTE

Keep in mind that user configuration options set through local policy objects apply only to computers on which the options are configured. If you want the options to apply to all computers that the user might use, you must use domain, OU, or site policies.

Figure 4-2

Figure 4-2 When you’re editing a GPO in the Group Policy Management Editor, you can view and manage policy settings and preferences.

You will find separate Policies and Preferences nodes under Computer Configuration and User Configuration. When you are working with policy preferences, you use the Preferences node. The options available under a Preferences node depend on whether you are working with Computer Configuration or User Configuration.

Essentials for working with preferences

Group Policy does not strictly enforce policy preferences, nor does Group Policy store preferences in the policy-related branches of the registry. Instead, Group Policy writes preferences to the same locations in the registry that an application or operating system feature uses to store the related setting. This approach allows you to use preferences with applications and operating system features that aren’t Group Policy–aware.

Preferences do not disable application or operating system features in the user interface to prevent their use. Users can change settings that you’ve configured with policy preferences. However, preferences overwrite existing settings, and there is no way to recover the original settings.

As it does with policy settings, Group Policy refreshes preferences at a regular interval, which is every 90 to 120 minutes by default. This means that periodically the preferences you’ve configured will be reapplied to a user’s computer. Rather than allowing a refresh, you can prevent Group Policy from refreshing individual preferences by choosing to apply preferences only once.

The way you use policy preferences depends on whether you want to enforce the item you are configuring. To configure an item without enforcing it, use policy preferences, and then disable automatic refreshes. To configure an item and enforce the specified configuration, use policy settings or configure preferences, and then enable automatic refreshes.

Because preferences apply to both computer configuration and user configuration settings, you will find a separate Preferences nodes under Computer Configuration and User Configuration. In both configuration areas, you’ll find two top-level subnodes:

  • Windows Settings Used to manage general operating system and application preferences
  • Control Panel Settings Used to manage Control Panel preferences

Table 4-1 provides an overview of the available preferences and where they are located within the configuration areas and the top-level subnodes.

Table 4-1 Configurable preferences in Group Policy

Preference Type

Location

Policy Configuration Area(s)

Applications | Application

Windows Settings

User

Data Sources | Data Source

Control Panel Settings

Computer and User

Data Sources | User Data Source

Control Panel Settings

User

Devices | Device

Control Panel Settings

Computer and User

Drive Maps | Mapped Drive

Windows Settings

User

Environment | Environment Variable

Windows Settings

Computer and User

Files | File

Windows Settings

Computer and User

Folder Options | Folder Options (at least Windows Vista)

Control Panel Settings

User

Folder Options | File Type

Control Panel Settings

Computer

Folder Options | Open With

Control Panel Settings

User

Folders | Folder

Windows Settings

Computer and User

Ini Files | Ini File

Windows Settings

Computer and User

Internet Settings | Windows Internet Explorer 8 and 9

Control Panel Settings

User

Internet Settings | Windows Internet Explorer 10

Control Panel Settings

User

Local Users And Groups | Local User

Control Panel Settings

Computer and User

Local Users And Groups | Local Group

Control Panel Settings

Computer and User

Network Options | Dial-Up Connection

Control Panel Settings

Computer and User

Network Options | VPN Connection

Control Panel Settings

Computer and User

Network Shares | Network Share

Windows Settings

Computer

Power Options | Power Plan (at least Windows 7)

Control Panel Settings

Computer and User

Printers | Local Printer

Control Panel Settings

Computer and User

Printers | Shared Printer

Control Panel Settings

User

Printers | TCP/IP Printer

Control Panel Settings

Computer and User

Registry | Registry Item

Windows Settings

Computer and User

Registry | Collection Item

Windows Settings

Computer and User

Registry | Registry Wizard

Windows Settings

Computer and User

Regional Options

Control Panel Settings

User

Scheduled Tasks | Immediate Task (at least Windows 7)

Control Panel Settings

Computer and User

Scheduled Tasks | Scheduled Task (at least Windows 7)

Control Panel Settings

Computer and User

Services | Service

Control Panel Settings

Computer

Shortcuts | Shortcut

Windows Settings

Computer and User

Start Menu | Start Menu (at least Windows Vista)

Control Panel Settings

User
Save to your account

This chapter is from the book