Most Windows sys admins know Group Policy administration is an integral tool to manage user, security and networking...
policies. Windows Server 2016 makes a number of minor changes to Group Policy and includes a number of new policy settings that administrators should consider.
Some policies are particularly noteworthy for admins who manage mobile devices. For example, Windows Server 2016 includes a suite of application management group policies in the appprivacy.admx template. These allow Windows applications to access local tools, such as the calendar, call history, contacts, camera, email, location, messages, microphone, motion, radios, account information, trusted devices and synchronization.
Administrators can apply new Group Policy settings across a variety of templates to:
- prevent the launch of Windows Store apps with Windows Runtime API access (appxruntime.admx);
- disable Microsoft consumer experience reporting (cloudcontent.admx);
- allow input personalization (globalization.admx);
- block untrusted fonts (grouppolicy.admx);
- toggle user control over builds and toggle the use of telemetry (datacollection.admx); and
- stop the display of Windows Tips (cloudcontent.admx).
There are also numerous security policies and capabilities added to Windows Server 2016 for Group Policy administration. For example, administrators can:
- disable prerelease features or settings (datacollection.admx);
- turn off the Key Management Service client and online Address Verification System validation (avsvalidationgp.admx);
- use enhanced antispoofing techniques (biometrics.admx); and
- assign a default credential provider (credentialproviders.admx).
Some of the new Group Policy settings are dedicated to cryptographic operations. Administrators can use the ciphersuiteorder.admx template to set the elliptic curve cryptography order, or use lanmanserver.admx to set the cipher suite order or force use of the cipher suite order.
These new policies are primarily intended for Windows Server; Windows Nano Server does not support Group Policy directly. However, administrators can apply other policies to core applications such as Internet Explorer 10, Microsoft Edge and so on. To help with Group Policy administration, Microsoft Download Center maintains a complete set of documentation for Windows Server 2016, which includes spreadsheets that detail the available Group Policy settings. These settings include corresponding policy paths and registry information.
How the .admx format gives admins more flexibility
Containers, storage play big part in Windows Server 2016
Must-know Windows Server 2016 security changes
What Nano Server features are best for your business
Dig Deeper on Microsoft Group Policy Management
Related Q&A from Stephen J. Bigelow
RAID 5 and RAID 6 are two types of erasure coding. The former protects data with basic parity, while the latter builds in a second layer of parity ...continue reading
Cleanly divided and straightforward applications are good candidates for a container-based deployment, whereas complex applications pose more ...continue reading
Assessing the impact of containers on application workloads can be extremely challenging, partially because of how quickly containers are spun up and...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.