Windows Server 2008 – Group Policy Preferences

Windows Server 2008 – Group Policy PreferencesWindows Server 2008 Group Policy Preferences

Group Policy Preferences are one of the top 10 new features in Windows Server 2008.

Whereas regular Group Policies ‘Tattoo’ settings, Preferences merely pencil an outline, which the users can then erase and replace with their own choices.

Benefits of Preferences Rather Than Policies

With Windows Server 2008 preferences you, as the administrator, can establish the very best first logon settings for the users.  Thereafter each individual can over-ride your suggestions without fear of having their new settings reversed by ‘big brother’.

Other benefits include the ability to set preferences for applications and registry settings outside the scope of traditional Group Policy templates.  If you need fine-control over who starts with which setting lookout for: ‘Preference item-level targeting’.

Should Group Policy Preferences appear too slack, you can regain control through the ability to ‘refresh’ the users settings.  However, by default, and in keeping with the whole spirit of preferences, the principle is to advise, but then let the user chose their own environment.

Other Benefits of Preferences

As you experiment with Preferences, think laterally; embrace the new technology and you will be pleasantly surprised with extra benefits.  For example, there will be less need for Logon Scripts to map drives and printers.  This will save you debugging VBScript commands, and there will be fewer problems with permissions or with firewalls blocking logon scripts. 

Group Policy Preferences will help you recover from, and snuff-out, configuration errors.  Let us be realistic, with every client roll-out less sooner or later than optimal settings appear, thanks to preferences you can correct these slip-ups before the users start moaning.  See how todisable Windows 8 firewalls with a Group Policy.

Another side-effect is that you can rollout Vista (or XP) with fewer images, this is because you can fine-tune one main image with settings controlled by Group Policy Preferences.

Possibly, I have saved the biggest benefit of Preferences over Group Policy until last.  There are about a dozen preference extensions that are simply not available with the regular Group Policy templates. 

Example of Preferences – Map Network Drive

Group Policy Preferences Map Network Drive

The above example shows a preference for mapping the K: drive to a folder called ‘burrium’ on a network server called ‘buster’.

Guy Recommends:  SolarWinds’ Log & Event Management ToolSolarwinds Log and Event Management Tool

LEM will alert you to problems such as when a key application on a particular server is unavailable.  It can also detect when services have stopped, or if there is a network latency problem.  Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.

Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA.  LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.

Download your FREE trial of SolarWinds Log & Event Management tool.

File and Folder Preference

With the Files preference extension you can create, replace, update, or even delete files on the target computer.  I also love the way preferences supports environment variables such as AppData, thus you don’t need to hard-code the paths.  One practical use for this combination of folders and environmental variables is for clearing up temp files.

Meanwhile the sister configuration: Network Shares supports the Access-based Enumeration (ABE), which prevents users from seeing subfolders where they don’t have any permissions.


Shortcuts are one of the quickest and easiest ways to help users, for example, you can add URL shortcuts to websites.  In addition to the Desktop, you can create shortcuts in the Favorites folder, Start menu, even on the Quick Launch toolbar.

Other Areas to Configure Preferences

You can also create preference for the Control Panel, XP or Vista Printers, Power Options, Scheduled Tasks and VPN connections for remote access.

What Action Do You Want Preferences to Achieve?

You may have already inferred, the four actions for each Group Policy Preference are:

Create, Delete, Replace and Update.

Each Preference feature also has a ‘Common’ Tab where you can set these extra options:

  • Stop processing items in this extension if an error occurs.
  • Run in logged-on user’s security context (user policy option).
  • Remove this item when it is no longer applied.
  • Apply once and do not reapply.
  • Item-level targeting control.
    Targeting determines which users and computers a setting applies.  Check the option, and then select the Targeting button.

See how to add GPMC in Windows Server 2012 »

Get a Report for Your Preferences

Fortunately, you can see which Group Policy Preferences you have set by creating a reports within the Group Policy Management Console (GPMC).  Create a report by starting in the Group Policy Results folder, found at the bottom of the Console tree.

Group Policy preferences client-side extension (CSE)

A twist in the tail.  Before you get any action on the XP or even Vista clients, you need to download Group Policy preferences client-side extension (CSE).  Presumably you will use the Group Policy’s own technology to Assign this software to your domain computers.  The way to get started is to visit Microsoft’s site to get a copy of the CSE package. See Windows 8 Group Policy Preferences.

Guy Recommends: Permissions Analyzer – Free Active Directory ToolFree Permissions Analyzer for Active Directory

I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT.  When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource.  Give this permissions monitor a try – it’s free!

Download Permissions Analyser – Free Active Directory Tool

Summary of Windows Server 2008 – Group Policy Preferences

My speciality is getting people started, in this instance, once you home in on the keyword ‘Preferences’ my job is done.  The main difference between the word ‘Preferences’, and the phrase ‘Policy Settings’, is enforcement.

If you like this page then please share it with your friends


Microsoft Windows Server 2008 Topics:

Server 2008 Home   • Overview   • What’s New?   • Migration Advice   • Install   • Group Policy

Server 2008 SP1   •Server Shutdown Command   • Hyper-V   • UAC   • IPv6   • ipMonitor

 • Review of Network Performance Monitor   • Upgrade W2k8 R2   • Windows Server 2012