BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Microsoft introduced a lot of new features and capabilities in Windows Server 2016, but group policies remain largely...
unchanged from the previous version. Although Microsoft has presumably introduced some Windows Server 2016- and Windows 10-specific group policy settings, the overall group policy structure hasn't changed.
Group policy settings still exist for users and computers (Figure 1). These policy settings may be applied at the domain, OU, site, or local computer level.
What has changed is the way in which the group policy configuration process works. In Windows Server 2016, Microsoft encouraged customers to deploy servers with as small of a footprint as possible. The preferred deployment method does not include a GUI (Figure 2). The descriptive text beneath the installation options explains that you should only install Windows with the local administrative tools if you need backward compatibility.
This raises the question of how to access the Group Policy Editor. The method you will need to use varies depending on the installation type you have performed. Currently, Windows Server is in preview release, so things could change by the time it's in general availability. But if you have installed the local administrative tools then accessing the Group Policy Editor is done in a way that is somewhat similar to the method used in Windows Server 2012.
Currently, even an installation that includes the local administrative tools is somewhat bare bones. The interface includes a Command Prompt window and Server Manager, but nothing else. There is no desktop, no Start menu (Figure 3).
Most of the Windows Server 2012 R2 style management tools still exist, but accessing those tools isn't always intuitive. The Server Manager, for example, includes a link to the Local Security Policy, but not to domain-based group policies. If you want to access the user and the computer portion of the local security policy, you will need to switch to the Command Prompt window and navigate to C:\%systemroot%\system32 and then enter the GPEDIT.MSC command (Figure 4).
For deployments that do not include local management tools, you will have to either manage the group policies remotely or use PowerShell. If you want to manage group policy remotely then you will need to have at least one server that has the management tools installed. From this server, enter the MMC command at the server's command prompt. When the console loads, select the Add / Remove Snap-In command from the File menu. When you do, Windows will present you with a list of snap-ins. Choose the Group Policy Object Editor from the list of snap-ins and click Add. You will then be asked which group policy to manage. Click the Browse button and then select the desired group policy (Figure 5).
The other option is to edit group policies through PowerShell. Windows Server 2012 has an entire PowerShell module dedicated to group policy management. However, the Group Policy module is not installed by default. The group policy module was only installed if the server was either configured as a domain controller or if the server had the Group Policy Management Console installed. Microsoft has not yet documented the conditions in which the group policy module will be available in Windows Server 2016.
When Windows Server 2016 becomes available, most organizations will probably opt to perform remote management of group policies rather than installing the management tools locally. PowerShell is a viable option as well, but GUI based management tools tend to be more efficient for small scale tasks.
Take a peek inside Exchange Server 2016
Exchange Server 2016 deployment experiences admins should prepare for
The ins-and-outs of new Exchange Server 2016 features