Most Windows sys admins know Group Policy administration is an integral tool to manage user, security and networking...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
policies. Windows Server 2016 makes a number of minor changes to Group Policy and includes a number of new policy settings that administrators should consider.
Some policies are particularly noteworthy for admins who manage mobile devices. For example, Windows Server 2016 includes a suite of application management group policies in the appprivacy.admx template. These allow Windows applications to access local tools, such as the calendar, call history, contacts, camera, email, location, messages, microphone, motion, radios, account information, trusted devices and synchronization.
Administrators can apply new Group Policy settings across a variety of templates to:
- prevent the launch of Windows Store apps with Windows Runtime API access (appxruntime.admx);
- disable Microsoft consumer experience reporting (cloudcontent.admx);
- allow input personalization (globalization.admx);
- block untrusted fonts (grouppolicy.admx);
- toggle user control over builds and toggle the use of telemetry (datacollection.admx); and
- stop the display of Windows Tips (cloudcontent.admx).
There are also numerous security policies and capabilities added to Windows Server 2016 for Group Policy administration. For example, administrators can:
- disable prerelease features or settings (datacollection.admx);
- turn off the Key Management Service client and online Address Verification System validation (avsvalidationgp.admx);
- use enhanced antispoofing techniques (biometrics.admx); and
- assign a default credential provider (credentialproviders.admx).
Some of the new Group Policy settings are dedicated to cryptographic operations. Administrators can use the ciphersuiteorder.admx template to set the elliptic curve cryptography order, or use lanmanserver.admx to set the cipher suite order or force use of the cipher suite order.
These new policies are primarily intended for Windows Server; Windows Nano Server does not support Group Policy directly. However, administrators can apply other policies to core applications such as Internet Explorer 10, Microsoft Edge and so on. To help with Group Policy administration, Microsoft Download Center maintains a complete set of documentation for Windows Server 2016, which includes spreadsheets that detail the available Group Policy settings. These settings include corresponding policy paths and registry information.
How the .admx format gives admins more flexibility
Containers, storage play big part in Windows Server 2016
Must-know Windows Server 2016 security changes
Dig Deeper on Microsoft Group Policy Management
Related Q&A from Stephen J. Bigelow
Which Amazon WorkSpaces tools allow IT teams to easily package, deploy and manage applications for DaaS users?continue reading
We want to ensure a good desktop experience for DaaS users. How can we connect Amazon WorkSpaces and local resources to do this?continue reading
With Windows Server's updates to Group Policy settings and templates comes a danger for administrators: users flooding the help desk with tickets.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.