What's new in Group Policy for Windows Server 2012 R2 and Windows 8.1

These subtle but interesting Group Policy changes shouldn't escape your attention

Group Policy has been around since Windows 2000. It was a welcome change to System Policies we had in Windows NT because it let you manage configurations over many computer and user features from a centralized console, as well as easily enforce those changes throughout your Active Directory domain.

With most every release of Windows Server, we've seen many improvements to Group Policy -- both major and minor -- and of course they've been implemented on the Windows client side. That's not so true in Windows Server 2012 R2; very little is new or improved when it comes to Group Policy.

[ 10 excellent new features in Windows Server 2012 R2 | For quick, smart takes on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]

Here's what has changed in Windows Server 2012 R2 itself:

  • IPv6 support (improved): The support now encompasses printers, item-level targeting, and VPN networks.
  • Policy caching (new): This capability allows policies to be written to the local store on a system once it receives the latest policy from a domain controller. This allows a system running Group Policy in synchronous mode to read the policy from the local store rather than downloading it from the network. This in turn allows for a faster boot time in synchronous mode and a shorter policy processing time -- great for off-premises systems that have latent domain-controller connections over WAN links or DirectAccess.
  • Event logging (improved): New logging details for Group Policies include how long it takes to download and process policies by clients.

But Jeremy Moskowitz, a Group Policy MVP and founder of GPanswers.com, notes additional changes that cross into Windows 8.1:

One counterintuitive improvement to Windows 8.1 -- and when Windows Server 2012 R2 is acting as a client -- is that login scripts are delayed. The goal is to minimize disk access at login and boost startup time. The new default in Windows 8.1 and Windows Server 2012 R2 is that login scripts fire off five minutes after the user has logged on. If you didn't know this, it could be a little confusing! Note that this can be turned off using a policy setting (Configure Login Script Delay).

Also new, Group Policy can now deliver a "fixed" Start Screen to Windows Server 2012 R2 or Windows 8.1 as clients, Moskowitz notes. Thus, IT can enforce a consistent, locked-down experience. You can configure different layouts for different users, if needed.

For Internet Explorer, Group Policy for Windows Server 2012 lets IT configure the use of SPDY/3 network protocol, configure whether background loading is permitted for websites and other content, configure whether antimalware programs run against ActiveX controls, and turn off phone number detection (a feature that converts recognized phone numbers into links that if clicked dial the number using a software-based phone dialer).

Group Policy has a long history, and it's reached the point where tweaks rather than major overhauls are appropriate for its level of maturity. But don't assume Group Policy's maturity means you can ignore its altogether -- even tweaks can be quite useful.

This story, "What's new in Group Policy for Windows Server 2012 R2 and Windows 8.1," was originally published at InfoWorld.com. Read more of J. Peter Bruzzese's Enterprise Windows blog and follow the latest developments in Windows at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies