Group Policy Blog

Group Policy Tips, Tricks, and News from Darren Mar-Elia

“Secure by Default” and Hardening Your Windows Configurations

Managing GPO Delegation

I had a good email conversation last week with someone on the PowerShell team at Microsoft, in the wake of the release of our Desired State Configuration CSE. The gist of his question was around how users could protect the configuration information held within the DSC documents that got deployed via Group Policy. He mentioned that “Secure by Default” should be the mantra for all things related to…

Desired State Configuration and Group Policy Come Together!

The DSC Group Policy Editor Extension

If any of you were at Microsoft’s Ignite conference last week, and caught the session I participated in around Group Policy, you might have heard me talk about an exciting new piece of technology related to PowerShell Desired State Configuration that we were releasing soon. Well, I’m happy to announce that it’s here! So, what is it?
Push, Pull and…GP?
If you’ve followed my blog over the past…

Group Policy Session at Microsoft Ignite Conference

Hi folks

I wanted to drop a quick note to remind those of you at Microsoft Ignite conference here in Chicago, that I’ll be presented a Group Policy session in about 45 minutes (9am local time) with fellow MVP Jeremy Moskowitz, in room S100 (that’s a ginormous room!) If you are at the show, definitely check it out. We’ll be talking about what’s new in GP in Windows 10 as well as provide som…

SDM Software and the “GPOGUY” at Microsoft Ignite

Hi Folks-

Just a quick heads up–there’s a lot going on in the next two weeks in Microsoft-land. This week is the developer-oriented Microsoft Build conference in San Francisco, where a lot of new announcements are expected. Following close on the heels of that, is the re-jiggered TechEd conference–now called Ignite – the IT Pro-oriented conference that now combines Windows, Exchange,…

Group Policy And PowerShell–The “Unholy Alliance”

Last night I had the opportunity to present at the Pacific IT Pros user group meeting in San Francisco. As this blog title indicates, the topic was using PowerShell to manage Group Policy. This is a talk I’ve given before, but I updated it to reflect newer capabilities in the Microsoft GP Module as well as provide some insight into how SDM Software’s PowerShell-enabled free and commercia…

Understanding the Role of ADMX (and ADM) Files in Group Policy

How ADMX files correspond to what you see in GP Editor

Recently I’ve been answering a few questions about the role of ADMX files (Administrative Templates) in Group Policy. For those who are new to Group Policy or haven’t spent a lot of time with it, I have seen some misunderstanding around what these template files actually do, and their role in GP processing. So I thought I would take the time to discuss that a bit more.
What Are ADMX Files?

Group Policy Training Course Now Available!

Group Policy Training from GPOGUY

I’ve spread the news a bit on social media, but I wanted to officially blog about the fact that my “Group Policy Fundamentals” video training course is now available for Pluralsight subscribers. This course was definitely a labor of love for me–over 11 hours of Group Policy goodness on everything from the very basics around how Group Policy works, to topics such as best practices for Grou…

Understanding the JASBUG Vulnerability and Group Policy

Netlogon and SYSVOL hardening for JASBUG

Earlier this week, Microsoft released a couple of patches that addressed vulnerabilities in our good friend Group Policy. First, I will say that it’s relatively rare to see such vulnerabilities directly effect Group Policy function, like this one does. That’s a good thing. That said, this one, while not trivial to exploit, is relatively serious and should be addressed. I’ve spent a lot of this…

How Much Group Policy Lockdown is Too Much Lockdown?

Administrative Template Lockdown policy

I’m sure everyone has heard the phrase, “when you have a hammer, everything looks like a nail”. Sometimes Group Policy can be this way. I’ve been doing Group Policy now, for, well…a long time. Before that, I was an early aficionado of System Policy in NT 4.0 and the erstwhile Zero Admin Toolkit (ZAK). Through 20+ years of working in enterprise IT, I have done my fair share of designs around…

Auditing Group Policy Security Settings with Group Policy Compliance Manager


You’ll recall a couple of blog posts ago, I announced that we had shipped our Group Policy Compliance Manager (GPCM) product, which allows you to report on what Group Policy is doing on all your end nodes that process policy. One of the key use cases for Compliance Manager is collecting and auditing data around what security settings have been processed by Windows desktops, and…

Copyright ©2013 SDM Software, Inc.
Site design by Social Media Ninjas | Sitemap