Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Greg.

« The State of Computer Based Training | Main | "Yes, Virginia, There is a NAP Client for XP" »

What Exactly do Group Policy Preferences Do?

Have you read my recent Redmond Magazine column discussing the new Group Policy Preferences feature to be found with (but not requiring) the release of Server 2008, but are still confused about what it does? If so, Microsoft puts together a list that defines the differences between Group Policy settings, Preference settings, and Group Policy Preference settings. Yes, these three are completely different in how they're managed and what they do.

Click past the fold for a play-by-play discussing each of the (now) three different ways you can use Group Policy to manage your systems.

GP policy settings will:

  • not tattoo. In other words, when a Group Policy object (GPO) goes out of scope, the policy setting is removed allowing the original configuration value to be used.
  • supersede an application's configuration setting. In other words, when a GP policy is configured to a value, the application is aware of that value and always uses it over the configurable value.
  • be recognized by an application. In other words, the display of the configuration item under control of a GP policy setting will be unavailable through the user interface. This is where graying out a configuration item on a menu, not displaying a dialog box, or providing a pop-up message explaining the current feature is under administrator control is used to inform the user they can't configure an option.

Preference settings will:

  • tattoo. In other words, when a GPO goes out of scope, the preference value will remain in the registry. An administrator is responsible for making sure these values are set to disable, prior to the GPO going out of scope, if the administrator wants the preference setting removed. The preference setting will not be replaced with the original application configuration value.
  • overwrite an application's configuration setting. This is accomplished by overwriting the original user configured-value for the application. No effort is made to retain the original value before overwriting the value with the preference setting. And, as was noted in 1, the overwritten value will not be removed when the GPO goes out of scope.
  • not be recognized by an application. In other words, the application's user interface will allow a user to change the configuration item. Most importantly, the Group Policy engine only recognizes when a GPO changes, not when the preference value has been changed. This means the preference setting will be applied once and not automatically reapplied if the user changes the value of the configuration item.

GP preference settings will:

  • tattoo, by default. In other words, when a Group Policy object (GPO) goes out of scope, the GP preference setting will be remain in the registry.
  • However, you can change the behavior of the GP preference setting by selecting the "Remove this item when it is no longer applied" option for a specific GP preference setting. After selecting this option, the GP preference setting will be removed when the GPO goes out of scope.
  • overwrite an application's configuration setting. This is accomplished by overwriting the original user configured-value for the application. The original value will not be retained when the application's configuration setting is overwritten by the GP preference setting.
  • If the option to "Remove this item when it is no longer applied" has been selected, the GP preference setting will be removed. The application will use the default configuration value, not a previously set user configuration value.
  • not be recognized by an application. In other words, the application's user interface will allow a user to change the configuration item. By default, the GP preference setting will be automatically reapplied at every GP refresh, not when the application's configuration value has been changed by the user.
  • Now the administrator can select the "Apply once and do not reapply" option. This will change the GP preference setting's behavior to only apply the GP preference setting value once and not apply again, even if the user has changed the application's configuration value.

This taken from: http://blogs.technet.com/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx

Tags:    
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Greg Shields on March 13, 2008 12:30 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-windowsserver.com/type/mt-tb.cgi/713

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Greg Shields' Bio:

Greg Shields, is an independent author, instructor, and IT consultant based in Denver, Colorado, and a co-founder of Concentrated Technology. With nearly 15 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft systems management, remote application, and virtualization technologies. Greg is a Contributing Editor for Redmond Magazine, MCPmag.com, and Virtualization Review Magazine and is the author of five books, including Windows Server 2008:  What’s New / What’s Changed. Greg is also a highly sought-after instructor and speaker, speaking regularly at conferences like TechMentor Events, and producing computer-based training curriculum for CBT Nuggets.  Greg is a recipient of Microsoft "Most Valuable Professional" award with a specialization in Windows Terminal Services.