Windows 7 / Getting Started

Group Policy in Windows Vista and Windows Server 2008

To address the limitations described previously, Windows Vista and Windows Server 2008 introduced the following new features and enhancements for Group Policy:

  • ADMX templates Windows Vista uses Extensible Markup Language (XML)-based Administrative Template (ADMX) files that use standard XML syntax instead of the proprietary syntax used in ADM template files in previous versions of Windows. Language-specific resources are stored in separate Architecture Description Markup Language (ADML) files so that administrators can display Group Policy settings in their own localized languages. For more information about this feature, see the section titled "Understanding ADMX Template Files" later in this tutorial.
  • Central store In Windows Vista, ADMX template files can be stored in a central store in the SYSVOL share on domain controllers instead of within each GPT. In addition, when you configure a central store for ADMX files, the Group Policy Management Console (GPMC) included in Remote Server Administration Tools (RSAT) will not copy or read ADMX files in an individual GPO. These enhancements considerably reduce SYSVOL bloat, which reduces replication traffic and makes Group Policy processing more efficient. Placing ADMX template files in a central store also makes them easier to manage and update across a domain. For more information, see the section titled "Configuring the Central Store" later in this tutorial.
  • ICMP deprecated Instead of using ICMP, Windows Vista uses Network Location Awareness version 2.0 (NLA 2.0) to allow Group Policy to detect the current state of network connectivity for the computer. With NLA, computers running Windows Vista can determine when domain controllers become available or unavailable to the client. NLA also allows computers running Windows Vista to refresh Group Policy in the background after they wake up from Sleep, when they establish a VPN connection, when they dock with a docking station, and when they successfully exit network quarantine. And with NLA, Group Policy can detect slow links without using ICMP and can process Group Policy on the client even when a firewall blocks all ICMP traffic.
  • MLGPOs Support for multiple local Group Policy objects (MLGPOs) is available in Windows Vista. Using MLGPOs provides increased flexibility for configuring standalone computers for shared use, and you can even configure MLGPOs in domain environments if required. For more information, see the section titled "Understanding Multiple Local Group Policy" later in this tutorial.
  • Trace logging Windows Vista includes a new method to enable trace logging for troubleshooting issues with Group Policy Processing. This method separates Group Policy function trace statements from those created by other operating system activities so that log files are easier to interpret when you are trying to diagnose Group Policy failure.
  • New categories of policy settings Windows Vista supports more than 2,500 different policy settings compared with the 1,800 settings supported on previous Windows platforms. These settings include new policy categories such as power management, blocking device installation, printer deployment based on location, and more. For a summary of policy setting categories introduced in Windows Vista, see the section titled "Group Policy Policy Settings in Windows 7" later in this tutorial.
  • RSAT GPMC is now included as part of the RSAT, which is provided both as a built-in feature of Windows Server 2008 and as a separate download for Windows Vista SP1. (Note that you cannot install the downloadable RSAT on Windows Vista RTM computers; you can install it only on Windows Vista SP1 or later.) RSAT provides tools for managing Windows Server 2008 roles and services, and the downloadable RSAT for Windows Vista SP1 has the same version of GPMC that is included with the built-in RSAT feature of Windows Server 2008 and is available in both 32-bit and 64-bit platforms. The new version of GPMC that is included as part of RSAT provides access to the following features:
    • Starter GPOs Starter GPOs provide a foundation for creating GPOs with preconfigured ADM policy settings. A new GPO created from a Starter GPO contains all of the policy settings included in the Starter GPO. Windows Vista SP1 supports two types of Starter GPOs: Custom Starter GPOs, which allow user-created Starter GPOs, and System Starter GPOs, which are read-only Starter GPOs used to distribute predefined configurations. Like GPOs, Starter GPOs can be backed up and restored. Also, you can import and export Starter GPOs from .cab files, which makes them very portable.
    • ADM policy setting filtering This feature lets you apply inclusive filters against the Administrative Templates All Settings node. This allows you to filter ADM policy settings to include Managed/Unmanaged and Configured/Not Configured policy settings. Also, you can use keywords for searching within the policy title, explain text, or comments of ADM policy settings. Last, you can filter on the application or platform requirements, such as filtering for all policy settings that meet the At Least Windows Server 2008 standard.
    • Comments tab In Windows Vista, each ADM policy setting and GPO has an additional property tab named Comments. This provides a location that allows administrators to add descriptive comments to the policy setting or GPO. You can also filter on the contents of the comments field.
    • Group Policy Preferences This feature extends the functionality of existing Group Policy by allowing administrators to perform functions that previously required scripting knowledge. Group Policy preferences allows managing drive mappings, registry settings, Local Users And Groups, files, folders, and shortcuts to client computers. Group Policy preferences can be managed from Windows Vista SP1 with RSAT or Windows Server 2008. Preference client-side extensions (CSEs) are included in Windows Server 2008, whereas downloadable versions of the preference's CSEs are available for Windows Vista RTM or later, Windows XP SP2 or later, and Windows Server 2003 SP1 or later from the Microsoft Download Center.
[Previous] [Contents] [Next]