Active Directory/Documentation/GP Preferences Overview

From WolfTech
Revision as of 14:39, 28 March 2008 by Djgreen (talk | contribs) (New page: Group Policy preferences enable IT professionals to configure, deploy, and manage operating system and application settings they previously were not able to manage using Group Policy. Exam...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Group Policy preferences enable IT professionals to configure, deploy, and manage operating system and application settings they previously were not able to manage using Group Policy. Examples include mapped drives, scheduled tasks, and Start menu settings. For many types of settings, using Group Policy preferences is a better alternative to configuring them in Windows images or using logon scripts.

Organizations typically deploy two types of settings: managed and unmanaged. Managed settings are policy settings that you enforce. You don’t allow users to change policy settings. Policy settings reduce support costs by enforcing standard configurations, help prevent productivity loss, and protect an organization’s assets. Group Policy is the best technology for delivering policy settings to computers running Microsoft Windows®, and if your organization is like most with Microsoft infrastructures, you’ve already adopted Group Policy.

Unmanaged settings are preferences. In contrast to policy settings, you allow users to change preferences after you’ve deployed them. By explicitly deploying preferences rather than accepting the default operating system settings, you create configurations that are more compatible with your IT environment and are specifically tailored to your organization and how its people use their computers. Additionally, deploying some preferences for users is a necessity in locked-down environments, where users can’t change many settings. Organizations deploy preferences a variety of ways, but the most common are default user profiles, registration entry (.reg) files, and logon scripts. Including preferences in Windows images is also common. In any case, most methods for deploying preferences are decentralized and unwieldy.

The key difference between preferences and policy settings is enforcement. Group Policy strictly enforces policy settings. First, Group Policy writes those settings to the Policy branches of the registry, and the access control lists (ACLs) on those branches prevent Standard users from changing them. When a Group Policy-aware application or operating system feature looks for a potentially managed setting, it first looks for the policy setting. If the policy setting doesn’t exist, it looks for the setting elsewhere in the registry. Second, Group Policy-aware applications and operating system features typically disable the user interface for settings that Group Policy is managing, which prevents users from changing them. Finally, Group Policy refreshes policy settings at a regular interval, which is every 90 minutes, by default, but which is configurable by a Group Policy administrator.

In contrast to Group Policy settings, Group Policy does not strictly enforce preferences. Group Policy does not store preferences in the Policy branches of the registry. Instead, it writes preferences to the same locations in the registry that the application or operating system feature uses to store the setting. The implication of this is twofold. First, Group Policy preferences support applications and operating system features that aren’t Group Policy-aware. Second, Group Policy preferences do not cause the application or operating system feature to disable the user interface for the settings they configure. The result is that after deploying preferences using Group Policy, users can still change those settings. Additionally, Group Policy refreshes preferences using the same interval as Group Policy settings by default. However, you can prevent Group Policy from refreshing individual preferences by choosing to apply them only once. This configures the preference one time and allows the user to change it permanently.

Group Policy preferences add to Group Policy a centralized system for deploying preferences. It provides the means to simplify deployment, reduce configuration errors, and reduce IT costs. Rather than using the steps described earlier to deploy mapped drives, for example, you simply create a Group Policy object and edit its Drive Maps preference item. This white paper describes Group Policy preferences—its features, the differences between policy settings and preferences, and the many benefits of using this new technology.

Complete Overview Documentation: http://www.microsoft.com/downloads/details.aspx?FamilyID=42e30e3f-6f01-4610-9d6e-f6e0fb7a0790&displaylang=en