Yesterday, Microsoft announced that Release Candidate 1 (RC1) of Windows Server 2008 has been released to the public. This near-final test build of the server release incorporates a couple of new features and what is sure to be deemed an "enhancement" to the community. In this piece, I'll take a look at the new capabilities in Group Policy, and an update to Windows Genuine Advantage, that were introduced with RC1.
An introduction to Group Policy Preferences
Windows Server 2008 RC1 incorporates a feature called Group Policy Preferences, essentially the old PolicyMaker Standard Edition and Policy Share Manager in new form. Preferences is now part of the Group Policy Management Console.
In a nutshell, preferences allow you to "suggest" an initial configuration to your users while still giving them the ability to change them. Let's delve a little deeper into this.
You are probably familiar with Group Policy, the standard way to achieve a consistent configuration using out-of-the-box tools in a Windows domain environment. With Group Policy, an administrator can determine and set up his or her mandatory environment, configure it appropriately for the organization's needs, and then leave it up to Windows to strictly enforce those settings.
Group Policy generally overrides any user-provided settings in the event of a conflict, and it typically disables any user interface functions that could be used to change those settings. And while one can limit or otherwise affect the scope of a group policy object (GPO), Group Policy essentially can touch every machine that is a member of any given Windows domain. Machines and settings controlled by Group Policy are termed "managed" machines and settings.
In contrast, Group Policy Preferences (GPP) take a bit of a lighter approach. While GPPs still are set up by an administrator and filter down to managed clients, Group Policy writes preferences to the same places in the Registry where applications store their data about that specific setting. This lets GP address settings and switches in applications that don't by default know about Group Policy. So now applications you previously couldn?????????t address in a managed way can be touched through GP, which is a welcome feature.
In addition, there isn't a restriction on the software's user interface, so if the administrator-defined preferences don't meet a user's working style or in some other way aren't what a user wishes, he or she is free to change GPP settings. You can also define the schedule at which Group Policy refreshes preference information. It can either be done at the same interval that GP refreshes policy -- the mandatory settings -- or you can set it once and then prohibit Windows from refreshing that preference again.
GPP is also "light-touch." You can create GPOs that contain preference information right out of the box. On the client, you'll need to install via a separate download a client-side extension (CSE); this will need to be deployed to any computer that is a target of your preference settings.