Most Windows sys admins know Group Policy administration is an integral tool to manage user, security and networking...
policies. Windows Server 2016 makes a number of minor changes to Group Policy and includes a number of new policy settings that administrators should consider.
Some policies are particularly noteworthy for admins who manage mobile devices. For example, Windows Server 2016 includes a suite of application management group policies in the appprivacy.admx template. These allow Windows applications to access local tools, such as the calendar, call history, contacts, camera, email, location, messages, microphone, motion, radios, account information, trusted devices and synchronization.
Administrators can apply new Group Policy settings across a variety of templates to:
- prevent the launch of Windows Store apps with Windows Runtime API access (appxruntime.admx);
- disable Microsoft consumer experience reporting (cloudcontent.admx);
- allow input personalization (globalization.admx);
- block untrusted fonts (grouppolicy.admx);
- toggle user control over builds and toggle the use of telemetry (datacollection.admx); and
- stop the display of Windows Tips (cloudcontent.admx).
There are also numerous security policies and capabilities added to Windows Server 2016 for Group Policy administration. For example, administrators can:
- disable prerelease features or settings (datacollection.admx);
- turn off the Key Management Service client and online Address Verification System validation (avsvalidationgp.admx);
- use enhanced antispoofing techniques (biometrics.admx); and
- assign a default credential provider (credentialproviders.admx).
Some of the new Group Policy settings are dedicated to cryptographic operations. Administrators can use the ciphersuiteorder.admx template to set the elliptic curve cryptography order, or use lanmanserver.admx to set the cipher suite order or force use of the cipher suite order.
These new policies are primarily intended for Windows Server; Windows Nano Server does not support Group Policy directly. However, administrators can apply other policies to core applications such as Internet Explorer 10, Microsoft Edge and so on. To help with Group Policy administration, Microsoft Download Center maintains a complete set of documentation for Windows Server 2016, which includes spreadsheets that detail the available Group Policy settings. These settings include corresponding policy paths and registry information.
How the .admx format gives admins more flexibility
Containers, storage play big part in Windows Server 2016
Must-know Windows Server 2016 security changes
What Nano Server features are best for your business
Dig Deeper on Microsoft Group Policy Management
Related Q&A from Stephen J. Bigelow
Photon Controller and vSphere Integrated Containers both manage containers, but in different ways. What's the difference between these utilities, and...continue reading
Photon OS optimizes VMware Photon platform deployment, not only in vSphere but in GCE, EC2 and more. Follow these steps to learn how to run Photon OS...continue reading
Performance problems can be caused by a number of things, including overprovisioning and poor vCPU selection and assignment to VMs. Use these ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.