Q
Manage Learn to apply best practices and optimize your operations.

What's new with Group Policy administration in Windows Server 2016?

Windows Server 2016 includes a suite of new Group Policy settings. These settings allow admins to manage mobile app access and set numerous security policies.

Most Windows sys admins know Group Policy administration is an integral tool to manage user, security and networking...

policies. Windows Server 2016 makes a number of minor changes to Group Policy and includes a number of new policy settings that administrators should consider.

Some policies are particularly noteworthy for admins who manage mobile devices. For example, Windows Server 2016 includes a suite of application management group policies in the appprivacy.admx template. These allow Windows applications to access local tools, such as the calendar, call history, contacts, camera, email, location, messages, microphone, motion, radios, account information, trusted devices and synchronization.

Administrators can apply new Group Policy settings across a variety of templates to:

  • prevent the launch of Windows Store apps with Windows Runtime API access (appxruntime.admx);
  • disable Microsoft consumer experience reporting (cloudcontent.admx);
  • allow input personalization (globalization.admx);
  • block untrusted fonts (grouppolicy.admx);
  • toggle user control over builds and toggle the use of telemetry (datacollection.admx); and
  • stop the display of Windows Tips (cloudcontent.admx).

There are also numerous security policies and capabilities added to Windows Server 2016 for Group Policy administration. For example, administrators can:

  • disable prerelease features or settings (datacollection.admx);
  • turn off the Key Management Service client and online Address Verification System validation (avsvalidationgp.admx);
  • use enhanced antispoofing techniques (biometrics.admx); and
  • assign a default credential provider (credentialproviders.admx).

Some of the new Group Policy settings are dedicated to cryptographic operations. Administrators can use the ciphersuiteorder.admx template to set the elliptic curve cryptography order, or use lanmanserver.admx to set the cipher suite order or force use of the cipher suite order.

These new policies are primarily intended for Windows Server; Windows Nano Server does not support Group Policy directly. However, administrators can apply other policies to core applications such as Internet Explorer 10, Microsoft Edge and so on. To help with Group Policy administration, Microsoft Download Center maintains a complete set of documentation for Windows Server 2016, which includes spreadsheets that detail the available Group Policy settings. These settings include corresponding policy paths and registry information.

Next Steps

How the .admx format gives admins more flexibility

Containers, storage play big part in Windows Server 2016

Must-know Windows Server 2016 security changes

What Nano Server features are best for your business

This was last published in February 2017

Dig Deeper on Microsoft Group Policy Management

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Which of the new Group Policy settings in Windows Server 2016 would be helpful to manage your environment and why?
Cancel

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchEnterpriseDesktop

SearchVirtualDesktop

Close