What's New in Group Policy Settings
With October's massive Microsoft product releases comes new and modified configuration options.
- By Greg Shields
Sometimes quality really is better than quantity. Remove the duplicates and Windows Server 2012 R2 and Windows 8.1 add a mere 45 new Group Policy Administrative Template settings, plus seven more for Internet Explorer 11. These numbers compare with more than 350 new settings found in the last Microsoft OS releases.
While Windows 8 and Windows Server 2012 offered more configuration options, the fewer choices in new Windows 8.1 and Windows Server 2012 R2 are perhaps more widely in demand.
Take for example the eight new settings in User Configuration | Start Menu and Taskbar. These intend to deliver the Start Menu control many of you need to overcome concerns with the look and feel of Windows 8:
- Start screen layout
- List desktop apps first in the Apps view
- Search just apps from the Apps view
- Go to the desktop instead of Start when signing in or when all the apps on a screen are closed
- Prevent users from uninstalling applications from Start
- Show the Apps view automatically when the user goes to Start
- Show Start on the display the user is using when they press the Windows logo key
- Pin Apps to Start when installed
The setting "Start screen layout" is particularly compelling. This lets you define and enforce a standard Windows 8.1 Start screen. That standard is enforced, meaning you prevent users from changing the configuration once it's set.
Start screen layouts used by this Group Policy setting are stored in XML files generated by a new Export-StartLayout Windows PowerShell cmdlet. You'll have to first manually create a layout on a reference desktop. Then run the cmdlet to generate the Group Policy setting's needed XML file.
If enforcing Start menu settings isn't your style, "Pin Apps to Start when installed" might help, but you'll have to put in some extra effort up front. Enabling this setting also requires you to supply a list of AppIDs. You'll need one per application that might possibly be installed. AppIDs can be tough to locate, but you can find examples by digging into the Export-StartLayout cmdlet's XML output.
While in previous versions of Windows Group Policy Preferences (GPPs) have been the go-to option for unique Start menu customizations, a cursory look at Windows 8.1 GPPs finds no such support for manipulating the new Start menu experience -- what a pity.
The Start menu isn't the sole recipient of Group Policy attention in this release. SkyDrive (or whatever Microsoft ultimately renames the service, having agreed not to fight Sky Broadcasting for the name) gets three Computer Configuration policies that limit its use as document storage:
- Save documents and pictures to the local PC by default
- Prevent the usage of SkyDrive for file storage
- Prevent SkyDrive files from syncing over metered connections
If you're looking to control distribution of Windows updates, you'll appreciate the new Computer Configuration setting, "Do not connect to any Windows Update Internet locations." This setting ensures clients don't inadvertently grab updates from Microsoft that haven't undergone internal testing.
Two humorously long-winded User Configuration settings offer to tailor the Windows 8 UI by eliminating its corner menus:
- Search, Share, Start, Devices and Settings don't appear when the mouse is pointing to the upper-right corner of the screen
- Do not show recent apps when the mouse is pointing to the upper-left corner of the screen
Finally, the award for the oddest-named Group Policy setting to date goes to another new Windows 8 UI setting found under User Configuration:
- Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key+X
Indeed, that menu.
Greg Shields is a senior partner and principal technologist with Concentrated Technology. He also serves as a contributing editor and columnist for TechNet Magazine and Redmond magazine, and is a highly sought-after and top-ranked speaker for live and recorded events. Greg can be found at numerous IT conferences such as TechEd, MMS and VMworld, among others, and has served as conference chair for 1105 Media’s TechMentor Conference since 2005. Greg has been a multiple recipient of both the Microsoft Most Valuable Professional and VMware vExpert award.