Group Policy Blog

Group Policy Tips, Tricks, and News from Darren Mar-Elia

SDM Software and the “GPOGUY” at Microsoft Ignite

Hi Folks-

Just a quick heads up–there’s a lot going on in the next two weeks in Microsoft-land. This week is the developer-oriented Microsoft Build conference in San Francisco, where a lot of new announcements are expected. Following close on the heels of that, is the re-jiggered TechEd conference–now called Ignite – the IT Pro-oriented conference that now combines Windows, Exchange,…

Group Policy And PowerShell–The “Unholy Alliance”

Last night I had the opportunity to present at the Pacific IT Pros user group meeting in San Francisco. As this blog title indicates, the topic was using PowerShell to manage Group Policy. This is a talk I’ve given before, but I updated it to reflect newer capabilities in the Microsoft GP Module as well as provide some insight into how SDM Software’s PowerShell-enabled free and commercia…

Understanding the Role of ADMX (and ADM) Files in Group Policy

How ADMX files correspond to what you see in GP Editor

Recently I’ve been answering a few questions about the role of ADMX files (Administrative Templates) in Group Policy. For those who are new to Group Policy or haven’t spent a lot of time with it, I have seen some misunderstanding around what these template files actually do, and their role in GP processing. So I thought I would take the time to discuss that a bit more.
What Are ADMX Files?

Group Policy Training Course Now Available!

Group Policy Training from GPOGUY

I’ve spread the news a bit on social media, but I wanted to officially blog about the fact that my “Group Policy Fundamentals” video training course is now available for Pluralsight subscribers. This course was definitely a labor of love for me–over 11 hours of Group Policy goodness on everything from the very basics around how Group Policy works, to topics such as best practices for Grou…

Understanding the JASBUG Vulnerability and Group Policy

Netlogon and SYSVOL hardening for JASBUG

Earlier this week, Microsoft released a couple of patches that addressed vulnerabilities in our good friend Group Policy. First, I will say that it’s relatively rare to see such vulnerabilities directly effect Group Policy function, like this one does. That’s a good thing. That said, this one, while not trivial to exploit, is relatively serious and should be addressed. I’ve spent a lot of this…

How Much Group Policy Lockdown is Too Much Lockdown?

Administrative Template Lockdown policy

I’m sure everyone has heard the phrase, “when you have a hammer, everything looks like a nail”. Sometimes Group Policy can be this way. I’ve been doing Group Policy now, for, well…a long time. Before that, I was an early aficionado of System Policy in NT 4.0 and the erstwhile Zero Admin Toolkit (ZAK). Through 20+ years of working in enterprise IT, I have done my fair share of designs around…

Auditing Group Policy Security Settings with Group Policy Compliance Manager


You’ll recall a couple of blog posts ago, I announced that we had shipped our Group Policy Compliance Manager (GPCM) product, which allows you to report on what Group Policy is doing on all your end nodes that process policy. One of the key use cases for Compliance Manager is collecting and auditing data around what security settings have been processed by Windows desktops, and…

Group Policy Loopback Everywhere?

Enabling loopback processing on a computer

Just the other day I was talking to a customer about Group Policy loopback. If you’ll recall, loopback is that feature in Group Policy processing that allows you to override a user’s *normal* user policy settings when they log into specific machines–such as kiosks or Remote Desktop Services/Citix XenApp servers or VDI systems, where it’s mostly commonly used. When a Windows computer has been…

Group Policy Compliance Manager has arrived!

Group Policy Compliance Manager

I started SDM Software back in 2006 with the goal to solve some of the thornier problems of managing Group Policy in enterprise environments. Years of on-the-job experience had shown me the challenges of the “in-the-box” solutions when it came to delivering a reliable end-to-end configuration management system using GP. And while Microsoft had provided good “plumbing”, there were a lot of missing…

Group Policy Best Practices Play-by-Play at Pluralsight

Group Policy Best Practices Play-by-Play--Pluralsight


Just wanted to give everyone a heads up that I recently worked with the great folks over at Pluralsight to record a Group Policy Best Practices “Play-by-Play”– a one-on-one discussion with Pluralsight VP Gary Eimerman to talk about the challenges and best practices for deploying and managing Group Policy in your environments. If you are a Pluralsight subscriber or want to be, you can…

Copyright ©2013 SDM Software, Inc.
Site design by Social Media Ninjas | Sitemap