What's new in Group Policy Objects?

This excerpt from "Microsoft Windows Vista Management and Administration" takes a look at how Group Policy has changed with the release of Windows Vista.

This chapter excerpt from Microsoft Windows Vista Management and Administration, by Andrew Abbate, James Walker, Scott Chimner and Rand Morimoto, is printed with permission from Pearson Education, Copyright 2007.


With the release of Vista, Microsoft has added several new areas that can be managed via GPOs and has expanded several existing areas. These areas include the following:

  • Antivirus
  • Background Intelligent Transfer Service (BITS)
  • Client Help
  • Deployed Printer Connections
  • Device Installation
  • Disk Failure Diagnostic
  • DVD Video Burning
  • Enterprise Quality of Service (QoS)
  • Hybrid Hard Disk
  • Internet Explorer 7
  • Networking: Quarantine
  • Networking: Wired Wireless
  • Power Management
  • Removable Storage
  • Security Protection
  • Shell Application Management
  • Shell First Experience, Logon, and Privileges
  • Shell Sharing, Sync, and Roaming
  • Shell Visuals
  • Tablet PC
  • Terminal Services
  • Troubleshooting and Diagnostics
  • User Account Protection
  • Windows Error Reporting

With these new areas available, administrators are able to continue to manage functions and settings on the client workstations to reduce overall administrative efforts.

    ADMX Format

    Vista brings with it a new format for storing GPO-related information. Whereas in the past GPOs were built with .adm files that stored the individual configuration objects, Vista uses a new .admx format. The new format allows for language-neutral as well as language-specific resources, which lets the various Group Policy tools adjust their display to the administrator's configured language. The net result is that an administrator in the United States can create a GPO and a colleague in France can review the same GPO, but the colleague will see it in French.

    The new .admx files are based on XML. This makes it easier for developers to integrate GPO information into their applications.

    An observant administrator will notice that the available settings are different when viewed from Vista in contrast to viewing via a Windows 2003 domain controller. This is because Vista is able to see the settings available from the new .admx entries.
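The split between language-neutral definitions and language-specific resources can be seen by joining one .admx file with per-language string tables (Vista stores these in .adml files). The following is an added example, not code from the book: the XML is constructed and trimmed to the elements the parser reads, and the policy name and Contoso registry path are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
NS = {"pd": "http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"}
HIVES = {"Machine": ["HKLM"], "User": ["HKCU"], "Both": ["HKLM", "HKCU"]}

# Constructed sample .admx (language-neutral); policy name and registry path are hypothetical.
ADMX = r"""<policyDefinitions xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <policies>
    <policy name="DenyRemovableWrite" class="Machine"
            displayName="$(string.DenyRemovableWrite)"
            explainText="$(string.DenyRemovableWrite_Help)"
            key="Software\Policies\Contoso\Storage" valueName="DenyWrite">
      <enabledValue><decimal value="1"/></enabledValue>
    </policy>
  </policies>
</policyDefinitions>"""

# Constructed sample .adml string tables, one per language; fr-FR lacks the help text on purpose.
_ADML = """<policyDefinitionResources xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <resources><stringTable>%s</stringTable></resources>
</policyDefinitionResources>"""
ADML = {
    "en-US": _ADML % ("<string id='DenyRemovableWrite'>Deny write access to removable storage</string>"
                      "<string id='DenyRemovableWrite_Help'>Blocks writes to removable disks.</string>"),
    "fr-FR": _ADML % "<string id='DenyRemovableWrite'>Refuser l'accès en écriture au stockage amovible</string>",
}

def load_strings(adml_xml):
    """Map string id -> localized text from an .adml string table."""
    table = ET.fromstring(adml_xml).iterfind(".//pd:stringTable/pd:string", NS)
    return {s.get("id"): s.text or "" for s in table}

def resolve(ref, strings):
    """Expand $(string.ID); an unresolved reference is returned unchanged so the gap is visible."""
    m = re.fullmatch(r"\$\(string\.([^)]+)\)", ref or "")
    return strings.get(m.group(1), ref) if m else ref

def describe_policies(admx_xml, adml_xml):
    """Join one .admx with one .adml: localized text plus the registry value the policy writes."""
    strings = load_strings(adml_xml)
    rows = []
    for p in ET.fromstring(admx_xml).iterfind(".//pd:policy", NS):
        enabled = p.find("pd:enabledValue/pd:decimal", NS)
        rows.append({
            "name": resolve(p.get("displayName"), strings),
            "help": resolve(p.get("explainText"), strings),
            "registry": [f"{h}\\{p.get('key')}\\{p.get('valueName')}" for h in HIVES[p.get("class")]],
            "enabled_value": int(enabled.get("value")) if enabled is not None else None,
        })
    return rows
```

Calling `describe_policies(ADMX, ADML["fr-FR"])` returns the same registry target as the en-US call, with the French display name and the raw `$(string...)` reference where the translation is missing.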

    Network Location Awareness (NLA)

    Network Location Awareness (NLA) is a mechanism that improves the ability of Group Policy to deal with changes in network conditions. NLA allows Group Policy to utilize event notification and resource detection within Vista to become aware of events, such as leaving standby or hibernation or the establishment of a VPN connection. Even an event such as connecting to a wireless network can be detected to trigger processing of GPOs.

    Some of the major benefits of NLA include the following:

  • More efficient startup times -- NLA will allow Group Policy to determine the state of the network connection, resulting in a reduction of timeouts while waiting for a connection to a domain controller. NLA will accurately determine whether a network card is enabled or disabled and will use this information to determine whether to try to contact a domain controller to download a GPO.
  • NLA allows a client to apply a policy when a connection to a domain controller is restored -- This is especially helpful in the case of wireless network connections that require user interaction or in the case of Virtual Private Network connections where connection to a domain controller doesn't occur until after the login event has been processed. This same behavior will occur when a client exits hibernation or standby. The benefit here is that if the refresh period of the GPO has expired, the client will immediately attempt to download and process GPOs as soon as connectivity to a domain controller is restored. This will improve overall system protection because there is no delay in processing new settings.
  • NLA also removes the dependency on ICMP (Ping) for determining available bandwidth when determining whether to process GPOs -- This allows administrators to further protect clients by blocking ICMP in the local firewall without breaking GPO functionality.

