With the release of Vista, Microsoft has added several new areas that can be
managed via GPOs and has expanded several existing areas. These areas
include the following:
Antivirus
Background Intelligent Transfer Service (BITS)
Client Help
Deployed Printer Connections
Device Installation
Disk Failure Diagnostic
DVD Video Burning
Enterprise Quality of Service (QoS)
Hybrid Hard Disk
Internet Explorer 7
Networking: Quarantine
Networking: Wired Wireless
Power Management
Removable Storage
Security Protection
Shell Application Management
Shell First Experience, Logon, and Privileges
Shell Sharing, Sync, and Roaming
Shell Visuals
Tablet PC
Terminal Services
Troubleshooting and Diagnostics
User Account Protection
Windows Error Reporting
With these new areas available, administrators are able to continue to manage
functions and settings on the client workstations to reduce overall administrative
efforts.
ADMX Format
Vista brings with it a new format for storing GPO-related information.
Whereas in the past, GPOs were built with .adm files that stored the individual
configuration objects, Vista uses a new .admx format. The new format
allows for language-neutral as well as language-specific resources. This
allows the various Group Policy tools to adjust their operating system to the
administrator's configured language. The net result of this is that an administrator
in the United States can create a GPO and a colleague in France can
review the same GPO, but the colleague will see it in French.
The new .admx files are based on XML. This makes it easier for developers
to integrate GPO information into their applications.
An observant administrator will notice that the available settings are different
when viewed from Vista in contrast to viewing via a Windows 2003 domain
controller. This is because Vista is able to see the settings available from the
new .admx entries.
Network Location Awareness (NLA)
Network Location Awareness (NLA) is a mechanism that improves the ability
of Group Policy to deal with changes in network conditions. NLA allows
Group Policy to utilize event notification and resource detection within Vista
to become aware of events, such as leaving standby or hibernation or the
establishment of a VPN connection. Even an event such as connecting to a
wireless network can be detected to trigger processing of GPOs.
Some of the major benefits of NLA include the following:
More efficient startup times -- NLA will allow Group Policy to determine
the state of the network connection, resulting in a reduction of
timeouts while waiting for a connection to a domain controller. NLA
will accurately determine whether a network card is enabled or
disabled and will use this information to determine whether to try to
contact a domain controller to download a GPO.
NLA allows a client to apply a policy when a connection to a
domain controller is restored -- This is especially helpful in the case
of wireless network connections that require user interaction or in the
case of Virtual Private Network connections where connection to a
domain controller doesn't occur until after the login event has been
processed. This same behavior will occur when a client exits hibernation
or standby. The benefit here is that if the refresh period of the
GPO has expired, the client will immediately attempt to download and process GPOs as soon as connectivity to a domain controller is
restored. This will improve overall system protection because there is
no delay in processing new settings.
NLA also removes the dependency on ICMP (Ping) for determining
available bandwidth when determining whether to process
GPOs -- This allows administrators to further protect clients by blocking
ICMP in the local firewall without breaking GPO functionality.
GROUP POLICY BASICS FOR WINDOWS VISTA
Home: Introduction
Tip 1: A basic primer on Microsoft Group Policy
Tip 2: How to configure GPOs
Tip 3: What's new with Vista Group Policy?
Tip 4: How to manage GPOs
Tip 5: Troubleshooting GPOs for Vista
Tip 6: Group Policy best practices
ADVANCED GROUP POLICY FOR WINDOWS VISTA
Home: Introduction
Tip 1: Which GPOs are available
Tip 2: Further understanding GPOs in Vista
Tip 3: Examples of useful GPOs in Vista
Tip 4: Moving policies between domains
Tip 5: Recommended practices with Vista Group Policy
