Solved

Group Policy Preferences - What are we missing

Posted on 2014-01-14
6
731 Views
Last Modified: 2014-01-14
We are currently only using 2003 DCs in one of our environments.  After introducing Server 2012R2 machines we noticed that Group Policy for IE was no longer applying.

We found the problem was that IE10 no longer would use the IEM settings in our GPO, and would only use GPP.  Of course with no 2k8 DCs, we have no GPP settings.


My question is: What other issues could we face by not having GPPs?  Is IE10 the first item to REQUIRE gpp to work properly?  We are working on making a case to management and I figured you all would be a great resource!
0
Comment
Question by:ServerNotFound
6 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 167 total points
ID: 39780047
Group policy preferences are not server specific. They are client specific. If your clients have IE10, then you are running windows 7+. If you are running Windows 7, you have preferences.

Setup a Windows 7/8/8.1 machine with RSAT. Use that to edit preferences.

http://deployhappiness.com/internet-explorer-maintenance-replacements/
0
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 167 total points
ID: 39780056
There were some Group Policy settings on 2003 that worked for IE10, but as you've seen those get superseded by Group Policy Preference settings. As far as I know, that's the only thing you'll really run into that does that. Jmoody's recommendation on using a windows 7/8 machine to inject GPP into your existing group policies is also a valid thing to remember.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39780097
Lots of other stuff is made much easier with GPP - mapping drives, setting printers etc to name but two
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:ServerNotFound
ID: 39780212
Thank you all.  

Looking at using Admin Templates instead, but don't have the whole process yet.  

I was kinda hoping there would be other good reasons to make the move to GPP, but I think the one area we have (IE10) we likely won't get any traction.
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 166 total points
ID: 39780387
GPP can save you from lot of startup \ logon scripts
Your local client computer management such as admin rename, password change, file copying process, new  folder creation, registry modifications, group modifications, map drives, home drives, printers can be mapped with GPP.
Also you can use GPP for item level targeting such as you can filter policies OS wise such as XP, win7
Also you can create schedule tasks, service management.
Also all GPP tasks run under system account of local machine, so you need not to provide explicit permissions to users

http://blogs.technet.com/b/nmercer/archive/2007/11/19/group-policy-preferences.aspx

Mahesh
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 39780407
GPP will basically save you a lot of headaches, as mentioned. If you have a Server 2012 DC, there's no reason *not* to utilize them for what they do (mapping drives, setting power profiles, etc), as it is much easier than writing scripts that do the same thing.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now