In order to make use of the Group Policy Preferences, you'll need to understand some specifics. In this quick article, we'll explore the following ideas:
- Management machine on which to create Group Policy Preferences
- What is meant by Policy vs. what is meant by Preference
Myth 1
I can't deploy Group Policy Preferences to Windows XP machines
Fact: Preferences works on most target machines types
Group Policy Preferences works awesomely on Windows XP, Windows Server 2003, Windows Server 2008, Windows 7, Windows Server 2008 and Windows Server 2008 R2 machines.
Only Windows XP and Windows Server 2003 machines need a client side update, which is easily performed via WSUS.
Figure 1 ' Group Policy Preferences applied on Windows XP
Myth 2
Group Policy Preferences can be ignored by users
Fact: Group Policy Preferences are delivered, and can be 'worked around'
As we will discuss in Myth 4, a user can work around the Group Policy Preferences settings (generally.) However, what's also true is that the directives are usually re-applied within 90 minutes or so. So, to a user, a preference feels like a policy.
Figure 2 ' A shortcut applied through Preferences can be deleted
Myth 3
Group Policy Preferences re-apply offline
Fact: Group Policy Preferences cannot re-apply when there is no domain controller available
In myth 2, we learned that Group Policy Preferences items are re-applied within 90 minutes or so. But this is only true when the computer can make contact to a Domain Controller and re-establish the Group Policy Preferences' directives.
If the user is offline or the Domain Controller is otherwise unavailable, then the Preference is not reapplied.
Figure 3 ' Group Policy Preferences are not applied without a domain controller
Myth 4
Group Policy 'Policy' is the same as Group Policy 'Preferences.'
Fact: The 'engine' is called (and was always called) Group Policy. But there is a difference between Policy directives and Preferences directives.
Policy directives (most items within the 'Policies' node) are forced upon the target user (or computer) and cannot be worked around. There are some exceptions, but that's the general rule of thumb for Policy.
Preferences directives, on the other hand are set by the Group Policy engine ' but then the user can work around the settings (generally.) Again, there are some exceptions, but that's the general rule of thumb for Preferences.
Myth 5
I can use Windows XP to create Group Policy Preferences directives
Fact: You need a modern management machine to create Group Policy Preferences directives
If you want to take advantage of the Group Policy Preferences, you need to start out on the right foot. That is, you'll need to create your GPOs (which contain Group Policy Preferences) with what I like to call a 'modern management machine.'
It's true, you could go back to previous operating systems to create the Group Policy Preferences. But the ideal situation in which to create Group Policy Preferences is on a modern management machine. That is, Windows 7 or Windows Server 2008 R2.
Note that Windows 7 doesn't have the GPMC built in. You'll need to get it as part of the RSAT, or Remote Server Administration Toolkit ' a free download from Microsoft. Here's an example of when you know you're on the right track: editing a GPO means you get both Policy and Preferences when editing either user or computer sides as seen in Figure 4.
Figure 4 - Policy and Preferences appear when you're using the 'right' management machine to create GPOs
Comments