Group Policy Blog

A New, Old Threat: Dealing with AD and Group Policy Information Exposure

Delegation–A Blessing or a Curse? I’ve been wanting to sit down and write this blog post about AD information exposure for a couple of weeks now, and am finally finding the time to do so. For those of you who follow my blog, you know that I posted nearly a year ago after a visit … Read More.

Sick of WannaCry? Don’t Read This…

I saw a humorous tweet today that said something to the effect that the number of blog posts about the recent “WannaCry” ransomware attack have now exceeded the number of infected machines. I am loathe to add truth to that saying, but I, of course, have something to say about it, so here we go… … Read More.

ADMX Files for Windows 10 Build 1703 “Creators Update” Now Available

Now that the Windows 10 “Creators Update” is available, Microsoft has made the ADMX files for this new Windows 10 release available for download. As I mentioned in my last blog post, you can no longer guarantee that new ADMX files are backward compatible with the previous versions. So, how do you try out these … Read More.

Managing ADMX Files in a Windows 10 World

Microsoft has recently put out several articles explaining some of the nuances of ADMX files in the new world of Windows-as-a-Service–where new Windows builds come out frequently and often ship with new versions of ADMX templates. I’ve blogged previously about the role of ADMX–how is essentially builds the UI that you see under Administrative Templates policy within … Read More.

SDM Software and Semperis Partner to Provide World-Class AD & Group Policy Solutions

Hey Folks- Today I’m happy to announce that we’re partnering with Semperis–a leader in providing Active Directory recovery solutions–to help bring customers more complete solutions around AD & GP management. I’m particularly excited about this partnership because it means a lot of cool opportunities for our customers to learn more about AD and GP, the … Read More.

Group Policy as Malware Delivery System

While the title to this post may sound a bit scary or ominous, the subject of this post is definitely real. A fellow IT guy whom I’ve known for many years, alerted me to a situation he came across in an IT shop he was helping. Namely, the customer’s computers got infected with a ransomware virus, which … Read More.

Making Sense of Group Policy SYSVOL Mismatch Errors

When I was working on the update for our Group Policy Health Reporter freeware tool recently, I noticed a very annoying “feature” that Microsoft seemed to introduce into Group Policy on Windows 7 and 2008-R2 systems. I’m pretty sure it started when they released the infamous MS16-072 patch that I blogged extensively about last year. Namely, any health … Read More.

Answering the Boss’s Question–“Can You Prove to Me That Critical Security Setting is on Every Machine?”

With RSA Conference going on this week here in San Francisco, I thought it was timely to talk about Group Policy’s role in securing your Windows environment. Many of you are undoubtedly using Group Policy to deliver security settings, based on industry-standard benchmarks from organizations like CIS or government standards like DISA-STIG. And through that process, how … Read More.

Getting Started with Group Policy Automation Engine

PowerShell has increased in popularity quite a bit over the past few years. I recall my initial reaction to Jeffrey Snover’s ‘Monad Manifesto‘ that was published back in 2002 or so. It was quite revolutionary. Over the years it has been exciting to see it take form. The learning curve elicits different emotions in different … Read More.

Registry Policy Viewer 1.5

Darren took the time to prove to us that even the greatest tools can be improved! Thank you for that. The Registry Policy Viewer that GPOGuy introduced years ago has continued to be a favorite. A few new features have been added and some really interesting usability updates will make this great tool even better. … Read More.