Essential Guide

Browse Sections


This content is part of the Essential Guide: The essential guide to Microsoft Windows Server 2016
Manage Learn to apply best practices and optimize your operations.

A walk-through of Windows Server 2016 Group Policy

Group Policy users will appreciate that the structure hasn't changed in Windows Server 2016, but there are a few new policies unique to the release.

Microsoft introduced a lot of new features and capabilities in Windows Server 2016, but group policies remain largely...

unchanged from the previous version. Although Microsoft has presumably introduced some Windows Server 2016- and Windows 10-specific group policy settings, the overall group policy structure hasn't changed.

Group policy settings still exist for users and computers (Figure 1). These policy settings may be applied at the domain, OU, site, or local computer level.

Figure 1
This is the Group Policy Editor in Windows Server 2016 Preview 2.

What has changed is the way in which the group policy configuration process works. In Windows Server 2016, Microsoft encouraged customers to deploy servers with as small of a footprint as possible. The preferred deployment method does not include a GUI (Figure 2). The descriptive text beneath the installation options explains that you should only install Windows with the local administrative tools if you need backward compatibility.

Figure 2
Microsoft recommends installing Windows Server 2016 without local administrative tools.

This raises the question of how to access the Group Policy Editor. The method you will need to use varies depending on the installation type you have performed. Currently, Windows Server is in preview release, so things could change by the time it's in general availability. But if you have installed the local administrative tools then accessing the Group Policy Editor is done in a way that is somewhat similar to the method used in Windows Server 2012.

Currently, even an installation that includes the local administrative tools is somewhat bare bones. The interface includes a Command Prompt window and Server Manager, but nothing else. There is no desktop, no Start menu (Figure 3).

Figure 3
This is what the Windows Server 2016 Preview 2

Most of the Windows Server 2012 R2 style management tools still exist, but accessing those tools isn't always intuitive. The Server Manager, for example, includes a link to the Local Security Policy, but not to domain-based group policies. If you want to access the user and the computer portion of the local security policy, you will need to switch to the Command Prompt window and navigate to C:\%systemroot%\system32 and then enter the GPEDIT.MSC command (Figure 4).

Figure 4
You can use the GPEDIT.MSC command to launch the Group Policy Editor from the Command Prompt window.

For deployments that do not include local management tools, you will have to either manage the group policies remotely or use PowerShell. If you want to manage group policy remotely then you will need to have at least one server that has the management tools installed. From this server, enter the MMC command at the server's command prompt. When the console loads, select the Add / Remove Snap-In command from the File menu. When you do, Windows will present you with a list of snap-ins. Choose the Group Policy Object Editor from the list of snap-ins and click Add. You will then be asked which group policy to manage. Click the Browse button and then select the desired group policy (Figure 5).

Figure 5
Click the Browse button and select the Group policy you want to edit.

The other option is to edit group policies through PowerShell. Windows Server 2012 has an entire PowerShell module dedicated to group policy management. However, the Group Policy module is not installed by default. The group policy module was only installed if the server was either configured as a domain controller or if the server had the Group Policy Management Console installed. Microsoft has not yet documented the conditions in which the group policy module will be available in Windows Server 2016.

When Windows Server 2016 becomes available, most organizations will probably opt to perform remote management of group policies rather than installing the management tools locally. PowerShell is a viable option as well, but GUI based management tools tend to be more efficient for small scale tasks.

Next Steps

Take a peek inside Exchange Server 2016

Exchange Server 2016 deployment experiences admins should prepare for

The ins-and-outs of new Exchange Server 2016 features

This was last published in June 2015

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Spreadsheets list the policy setting for computer and user configurations included in the admin template files