Windows 8 Group Policy Settings
Window 8 Group Policy Settings
The keyword 'group' indicates we are dealing with a bunch of machines, and not the local policy of a home computer. While the keyword 'settings' means the policy is tattooing values in to the User Interface, rather than providing a preference that a user could change.
The traditional idea is that administrators plan Group Policy Settings, and then configure the values using GPMC. The result is that some menus on their users' computers are locked-down, and choices are removed. The benefit is that users don't waste time fiddling with menus in the 'Network and Internet', or worse, compromise security by adding programs or removing files via USB sticks.
What antagonizes users about draconian group policies is that in the office they are not allowed to configure trivial settings they are familiar with on their home version of Windows 8. For example, some left handers like to swap the mouse buttons.
The latest thinking amongst network architects is to plan the best of both worlds, server administrators can configure policy settings in the traditional manner, but they can also employ Group Policy Preferences for Windows 8 computers, whereby the company merely suggests non-critical settings, and the users are free to change them.
Planning Your Windows 8 Group Policy Settings
So that you can to make effect policy settings, you need two people with different points of view, sit them down and persuade them each to make compromises . My choice would be to pair a techie, who knows GPMC, with a manager with a vision of what the company's Windows 8 computers interface should look like for the users. An alternative would be one person who could wear two hats called 'Computer security' and 'User comfort'.
Examples of Group Policy Settings
Let us turn to practical matters, and get a simple policy working. It may be easier, and safer, to learn about Policy Settings by launching the Local Policy Editor - Gpedit.msc - on a Windows 8 machine, rather than grappling with the Group Policy Settings using GPMC on a domain controller.
My thinking is once you understand how to persuade a policy to 'bite' on a client computer using Gpedit, then you are more prepared for the extra layers of interactions caused by domain controller replication, and delays between ticking a box in the server's GPMC, and it taking effect on the Windows 8 client.
Search for Gpedit.msc (or GPMC and launch the policy editor)
Computer Configuration v User Configuration
Prohibit access to
the Control Panel
There is no need to logoff, just check to see if the Control Panel has disappeared from the menu. If you search for Control Panel, then click on the executable, do you get a Restrictions message saying the operation has been cancelled? If so this means your policy is biting on the user.
SolarWinds' Orion performance monitor will help you discover what's happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.
Windows 8 Group Policy Updates
Configure Automatic Updates
for Windows 8
More ideas for settings to get the feel of Windows 8 Group Policy Settings.
NTM will produce a neat diagram of your network topology. But that's just the start; Network Topology Mapper can create an inventory of the hardware and software of your machines and network devices. Other neat features include dynamic update for when you add new devices to your network. I also love the ability to export the diagrams to Microsoft Visio.
Finally, Guy bets that if you test drive the Network Topology Mapper then you will find a device on your network that you had forgotten about, or someone else installed without you realizing!
Download your 14 day free trial of SolarWinds Network Topology Mapper
Enforce Policy (No-override)
Types of Group Policy Settings
In practice this means administrators finding ways of restricting what their users can do, rather as a racehorse trainer may put blinkers on a steed to make them concentrate on the job in hand, for instance enforcing a policy to, 'Turn off desktop gadgets' or 'Prohibit access to the Control Panel'.
One result of Windows 8 group policies is that companies create a customized version of the operating system, which is very different from the users' home version of Windows 8. For example, 'Turn off desktop gadgets' is enabled at work, while there is no such restriction at home.
Get a Test Machine
Like their predecessors, Windows 8 Group policies make changes to the registry, a fact which you can turn to your advantage by creating your own .adm template based on registry keys, then importing these settings into your Group Policy. That said this advanced technique is only useful if there is no existing policy in the Administrative Template section.
Get a Simple Policy Working
Read the Policy Carefully
This Engineer's Toolset v10 provides a comprehensive console of 50 utilities for troubleshooting computer problems. Guy says it helps me monitor what's occurring on the network, and each tool teaches me more about how the underlying system operates.
There are so many good gadgets; it's like having free rein of a sweetshop. Thankfully the utilities are displayed logically: monitoring, network discovery, diagnostic, and Cisco tools. Try the SolarWinds Engineer's Toolset now!
Windows 8 Gpresult Command
This built-in command-line utility displays the Resultant Set of Policy (RSoP) information, Here below is a small section of what the Windows 8 Gpresult reveals about your group policy.
Note: Before you launch cmd.exe, or PowerShell,
remember to 'Run as administrator' else the Windows 8 Gpresult will
issue an access denied
message when you issue a command such as:
Left to it's own timetable, a Windows clients initiates a group policy 'pull' about every 100 minutes. The purpose of Windows 8's Gpupdate is to force an instant update rather than waiting up to 2hrs (90 mins + Random 30).
Mostly I launch cmd.exe (Run as administrator), or these days I tend to use PowerShell, then I just type 'Gpupdate' on its own. However, you may benefit from one of these switches:
/force. Reapplies all group policy settings.
/target:computer or /target:user Applies only the computer (or user) section of your policy. Normally I would use plain Gpupdate without this option.
/logoff. Useful for those few settings that do not apply until the user logs on again.
/boot. Handy for the rare configuration that needs the computer to restart.
GPMC and Gpedit
Domain administrators set group policies for their users via GPMC. For a Workgroup or HomeGroup you can use Windows 8's built-in Gpedit. Actually, this highlights the main benefit of a domain - central administration. I regard Gpedit as merely a reference for when the domain is not available, or as a test-bed for trying settings on one machine without disrupting the domain workforce.
Problem: You Cannot Find Gpedit
The first source of frustration is that you type plain gpedit, whereas it only appears in search results when you add the .msc extension, thus always type the full: gpedit.msc.
Another problem is that you have the Home Premium edition; and you need the Ultimate, Professional (old Business) or Enterprise editions in order to get a copy of the Windows 8 Group Policy Editor.
SolarWinds' Config Generator is a free tool, which puts you in charge of controlling changes to network routers and other SNMP devices. Boost your network performance by activating network device features you've already paid for.
Guy says that for newbies the biggest benefit of this free tool is that it will provide the impetus for you to learn more about configuring the SNMP service with its 'Traps' and 'Communities'. Try Config Generator now - it's free!
Storing Windows 8 Group Policies
Any Windows 8 Group Policies created by gpedit.msc are stored in a this
Note 1: Make sure you tick 'Hidden items' in the View tab.
Note 2: You should see both GroupPolicy\ and GroupPolicyUser\.
* The environment variable %SystemRoot% usually translates to C:\Windows. See more about Windows 8 Gpedit.
Here is Another Sample of Windows 8 Group Policies
Enlightened administrators can find ways of using Windows 8 group policies to make life easier for their users, for example, on low-spec machines 'Always render print jobs on the server'.
Summary of Windows 8 Group Policy Settings
Microsoft's Group Policies can be traced back to System Policies in NT 4.0. The concept is to provide a Group Policy Management Console (GPMC), where an administrator can configure operating system settings that apply to all his machines, and all the users in his domain.
Before you start choosing Group Policy Settings for real, take the time to flesh-out a vision of the Windows 8 computer that you want for this particular group of users. As for mastering the individual policy items, practice on safe and easy to understand settings. The main dangers are double negatives confusing you, and thinking a setting is not working, when you are just looking in the wrong place.
If you like this page then please share it with your friends
Microsoft Windows 8 Group Policy Topics