Group Policy is still an administrator’s best tool when it comes to managing users within an Active Directory based Windows Server environment. With Windows Server 2012, Microsoft has improved Group Policy Management to simplify the jobs of administrators and empower them with greater control over their cloud environment.
Microsoft has added new features and improved the existing Group Policy Management Console in Windows Server 2012. Many of the updates we’re reviewing in this blog have been highly anticipated by Windows Server veterans (including myself). In this blog, we will briefly look at some of the Windows Server 2012 Group Policy Changes and how these updates and how these relate to helping your organization become a more efficient technology provider for each of your clients.
Remote Group Policy Update
Prior to the release of Windows Server 2012, administrators using Windows Server 2003 or 2008 had to wait for a period of time to pass on or initiate Group Policy updates. With Windows Server 2012, administrators can now select an entire organization unit (OU) and all computers within that OU will be updated within 10 minutes from a remote central location, which will help you deploy updates more quickly and more efficiently.
Once the option is selected from the Group Policy Management Console, a window will open up defining how many computers will be affected with this update. Upon activation, the updates will be applicable on servers and all sub containers or USER and COMPUTER portion of the Group Policy Objects.
The Group Policy Update can further be drilled down to manage updates at a granular level using Power Shell. The Invoke GPUpdate cmdlet enables scheduling remote Group Policy updates on specified computers at a predefined time, restarting the target computers, and other custom options.
Status Update (Group Policy Infrastructure)
Another great change that Microsoft made with as part of their Windows Server 2012 Group Policy Changes is a component that provides information regarding the replication status of Group Policy updates, known as the Infrastructure Status. This tool provides server administrators insight into the replication or sync status of the Group Policy objects on each domain controller. It also provides information into the replication status of Active Directory and SYSVOL (DFSR) folders that are essential for ensuring that Group Policy Updates are properly replicated across all domain controllers.
Windows Server 2012’s Infrastructure Status tool works far better than the previous GPO tool available in prior versions of Windows Server. The Infrastructure Update tools consists of a “Detect Now” feature/button that checks and compares all the domain controllers with the baseline server. The comparison checks the SYSVOL Group Policy file hashes, Access Control Lists (ACL), file counts, Group Policy objects (GPO) and GPT versions against the baseline server on all the domain controllers (DC). However, based on the size of the IT environment, it can take some time to evaluate all the results.
Windows 8 Support
As anticipated, Windows Server 2012 has native support for Windows 8. It includes a list of administrative templates and security configurations that are designed specifically for Windows 8 machines within a Windows Server 2012 environment. Here are some of the types of templates included:
- Enable AD/DFS domain controller synchronization during policy refresh.
- Turn off Group Policy Client Service AOAC optimization.
- Configure Direct Access connections as a fast network connection.
- Change Group Policy processing to run asynchronously when a slow network connection is detected.
- Turn off Local Group Policy Objects processing.
- Specify startup policy processing wait time.
- Allow cross-forest user policy and roaming user profiles.
- Configure software Installation policy processing.
- Configure disk quota policy processing.
- Configure EFS recovery policy processing.
- Configure folder redirection policy processing.
- Configure Internet Explorer Maintenance policy processing.
Enhanced Troubleshooting Options
Finally, Microsoft enhanced troubleshooting as part of their Windows Server 2012 Group Policy Changes. Microsoft has further empowered administrators to become more efficient technology providers with the Group Policy Reporting and Troubleshooting services, which integrate the log-based Group Policy activity directly within the Group Policy Management Console.
Prior versions of Windows Server required administrators to use Resultant Set of Policy (RSOP) and then compare it with the event log tracing to evaluate which policy wasn’t implemented and why they were not implemented. This is now enabled by adding Group Policy Results, which provide detailed logs of each specific activity taking place in the Group Policy.
When opened, Group Policy Results displays the summarized and detailed view of the results of Group Policy processing along with warnings that can impact its processing such as Block Inheritance on an Organizational Unit with the target computer. The main window/screen provides the overview of each specific component where an update, activity or process has been performed, its status i.e. successful or unsuccessful and when the policy was last updated and the total time it took. Each component has a view log link along with it, which leads the administrator to log file view that describes the event ID, event time, event description and event details in XML format.
Learn More About Windows Server 2012 Group Policy Changes
With these updates and changes to the Group Policy Management Console, upgrading to Windows Server 2012 is a great way for Windows Server administrators, who are currently using versions of Windows Server 2003 or 2008, to become more efficient technology providers for their clients. Most importantly, Awesome Cloud offers each of our channel partners and cloud resellers the opportunity to upgrade to Windows Server 2012 at no additional cost. Let’s keep the conversation going on Twitter using the @awecloud handle.