Group Policy Blog

Understanding the Role of ADMX (and ADM) Files in Group Policy

Recently I’ve been answering a few questions about the role of ADMX files (Administrative Templates) in Group Policy. For those who are new to Group Policy or haven’t spent a lot of time with it, I have seen some misunderstanding around what these template files actually do, and their role in GP processing. So I […]

Group Policy Loopback Everywhere?

Just the other day I was talking to a customer about Group Policy loopback. If you’ll recall, loopback is that feature in Group Policy processing that allows you to override a user’s *normal* user policy settings when they log into specific machines–such as kiosks or Remote Desktop Services/Citix XenApp servers or VDI systems, where it’s […]

Group Policy Best Practices Play-by-Play at Pluralsight

All- Just wanted to give everyone a heads up that I recently worked with the great folks over at Pluralsight to record a Group Policy Best Practices “Play-by-Play”– a one-on-one discussion with Pluralsight VP Gary Eimerman to talk about the challenges and best practices for deploying and managing Group Policy in your environments. If you are a Pluralsight […]

Optimizing Group Policy WMI Filters

If you live in a Group Policy world that heavily leverages WMI filters, then this tip is for you. Fellow Group Policy MVP Martin Binder wrote up a nice post about how you can optimize WMI filter queries (WQL queries) to improve their processing performance. This article uses a previously illustrated technique by another MVP, […]

Delegate Group Policy Update in Windows 8.x

When Microsoft shipped Windows 8 & Windows Server 2012, they added a new feature in GPMC, that allows you to perform remote Group Policy Updates on OUs of computers. I covered this feature in my previous roundup of Windows 8.1 Group Policy features. This feature is shown in the figure below: As I was exploring […]

Override the Group Policy ADMX Central Store

Ever since Microsoft introduced the Central Store — a folder in SYSVOL where you can centrally keep all of your ADMX and ADML template files for Group Policy management — you’ve had to make all or nothing decisions about which ADMX files you could use for GP editing within your domain. If the Central Store […]

Locating Those Nasty Passwords in Group Policy Preferences Using PowerShell

If you haven’t already seen it, it’s now been widely documented that the feature within GP Preferences Group Policy that allows you to store passwords within a GPO for a variety of uses, is essentially not secure. If you haven’t read one of these posts, please do and familiarize yourself with the issue: http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx http://www.grouppolicy.biz/2013/11/why-passwords-in-group-policy-preference-are-very-bad/ […]

Warning!!!–Group Policy Logon Scripts Delays in Windows 8.1

Last month, I wrote an article on the Petri.co.il website, reviewing the new features around Group Policy in Windows 8.1. Buried in that list of new stuff was a feature that was perhaps a little unheralded and under-advertised, but one that may cause administrators a world of hurt if they are not expecting it. Specifically, I’m […]

Renaming GPOs with PowerShell

Recently, as part of one of our Group Policy consulting engagements, we recommended to a customer to adopt a consistent GPO naming standard. This kind of standard makes the function and purpose of a GPO more clear and eases discovery of a Group Policy environment. As a result of this recommendation, we needed to rename […]

Consolidating & Cleaning Up Group Policy — Best Practices

A fair bit of what we do here at SDM Software is helping folks get a handle on their Group Policy environments. Using products such as our GPO Reporting Pak, we’ve had lots of customers clean up and reduce the clutter (not to mention improve desktop performance) of their Windows desktop environments. We also do […]