Most Windows sys admins know Group Policy administration is an integral tool to manage user, security and networking...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
policies. Windows Server 2016 makes a number of minor changes to Group Policy and includes a number of new policy settings that administrators should consider.
Some policies are particularly noteworthy for admins who manage mobile devices. For example, Windows Server 2016 includes a suite of application management group policies in the appprivacy.admx template. These allow Windows applications to access local tools, such as the calendar, call history, contacts, camera, email, location, messages, microphone, motion, radios, account information, trusted devices and synchronization.
Administrators can apply new Group Policy settings across a variety of templates to:
- prevent the launch of Windows Store apps with Windows Runtime API access (appxruntime.admx);
- disable Microsoft consumer experience reporting (cloudcontent.admx);
- allow input personalization (globalization.admx);
- block untrusted fonts (grouppolicy.admx);
- toggle user control over builds and toggle the use of telemetry (datacollection.admx); and
- stop the display of Windows Tips (cloudcontent.admx).
There are also numerous security policies and capabilities added to Windows Server 2016 for Group Policy administration. For example, administrators can:
- disable prerelease features or settings (datacollection.admx);
- turn off the Key Management Service client and online Address Verification System validation (avsvalidationgp.admx);
- use enhanced antispoofing techniques (biometrics.admx); and
- assign a default credential provider (credentialproviders.admx).
Some of the new Group Policy settings are dedicated to cryptographic operations. Administrators can use the ciphersuiteorder.admx template to set the elliptic curve cryptography order, or use lanmanserver.admx to set the cipher suite order or force use of the cipher suite order.
These new policies are primarily intended for Windows Server; Windows Nano Server does not support Group Policy directly. However, administrators can apply other policies to core applications such as Internet Explorer 10, Microsoft Edge and so on. To help with Group Policy administration, Microsoft Download Center maintains a complete set of documentation for Windows Server 2016, which includes spreadsheets that detail the available Group Policy settings. These settings include corresponding policy paths and registry information.
How the .admx format gives admins more flexibility
Containers, storage play big part in Windows Server 2016
Must-know Windows Server 2016 security changes
Dig Deeper on Microsoft Group Policy Management
Related Q&A from Stephen J. Bigelow
SysOps teams must maintain consistent workload performance, meet compliance and security standards, as well as other IT tasks. AWS Config helps ...continue reading
Microsoft SMT is a free Azure-based tool that offers remote Windows Server management, but there are some limits to this cloud service.continue reading
Logs have been an integral piece of troubleshooting. New enhanced logs boosts vSphere security by providing much more detail about errors and changes.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.