In this post I’ll cover some of what you can do with group policy preferences. In the next post I’ll talk about how you can target these settings on the basis of computer or user properties.
If you haven’t already, it’s worth having a quick look at what options are available in the Group Policy Preferences section of a GPO hosted of a Windows Server 2012 R2 functional level domain controller.
You can use Group Policy Preferences to configure the following:
- Environment variables. Set environment variables
- Files. Specific files are created, replaced, updated, or deleted
- Folders. Specific folders Are created, replaced, updated, or deleted
- Ini files. Ensure that specific ini files are created, replaced, updated, or deleted
- Registry. Ensure that specific registry settings are configured
- Network shares. Ensure that specific network shares are present
- Shortcuts. Ensure that specific shortcuts are present
- Data sources. Configure data sources
- Devices. Configure whether specific devices are enabled or disabled based on device class.
- Folder options. Configure folder options settings
- Internet settings. Configure internet settings
- Local Users and Groups. Ensure the presence or removal of specific local users or groups
- Network options. Configure network options
- Power options. Configure Power Options
- Printers. Configure printers
- Regional Options. Configure regional settings
- Scheduled Tasks. Manage scheduled tasks
- Start Menu. Configure the Start menu
Some of these settings can be configured through Group Policy. When configuring settings, you decide whether you want to apply a setting so that the user cannot change it, or configure a setting so that the user can change it. For example, setting a default browser home page while allowing the user the option of altering that default setting.
While being able to configure all these settings is cool, it’s the targeting options that allow you to get very specific about which groups of users or computers the settings apply to.