3 ways Windows Server 2012 makes Group Policy easier

Group Policy gets a second life in Windows Server 2012, with enhancements admins will surely appreciate

Group Policy isn't dead yet. Just because your company has embraced or at least tolerates the BYOD movement and your iPhone is connected to corporate email, you'll still face restrictions on your system when you log into Active Directory each day. While you enjoy the freedom of bringing in your own devices or working at home on your own PC or Mac, IT administrators still have a job to do -- and controlling users is part of their duties at times.

Group Policy is an admin's best tool for user management in an Active Directory environment. Windows Server 2012 evolves those policies usefully in three key areas.

[ Get ready for Windows Server 2012 with the Windows Server 2012 Deep Dive PDF special report. | Stay atop key Microsoft technologies in our Technology: Microsoft newsletter. ]

Troubleshooting improvements
There's nothing worse than taking the time to establish policies, then not knowing why they aren't being applied properly. It can drive an IT admin insane. Microsoft has provided the Resultant Set of Policy (RSOP) tool for a while; in Windows Server 2012 it offers more data reporting to help track down deployment issues.

In earlier Windows Server versions, you had to both look at the RSOP report and check the event log and tracing logs to see why a policy didn't apply properly. In Windows Server 2012, much of this information has been consolidated into one results report that summarizes the information nicely. The summary includes loopback mode, slow link detection, and group policy objects with enforcement set (or that have block inheritance enabled). The summary also shows client-side extensions to process and the last time an extension was processed. Speaking as someone who's dealt with Group Policy detective work for 12 years, I very much appreciate these improvements.

Remote Group Policy updating
Using the new Group Policy Management Console in Windows Server 2012, you can now perform remote refreshes from a central location. You no longer need to go to the PC in question, remote into it, or ask the user to remote into it and run gpupdate /force to make the refresh happen.

Keep in mind you cannot just locate the person's machine in the Group Policy Management Console and kick off the gpupdate. You have to locate the organizational unit through the console and update all computers in the organizational unit and subunits. At that time, all computer policies are refreshed and all polices for users are logged in. The tool provides the success and failure information for scheduling the update to occur. Also note that the update is scheduled by task scheduler to run within the next 10 minutes; it's not an instantaneous action.

Infrastructure status details
The new Group Policy Management Console also has a new feature called Infrastructure Status that shows the replication state, such as whether it is in progress or if the sync is complete, as well as the status of both Active Directory and the SYSVOL folder, both of which are important to ensure the group policy objects are replicated. This replication status information is very handy for troubleshooting policy settings that aren't replicating through the environment.

This story, "3 ways Windows Server 2012 makes Group Policy easier," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.