Solved

Group Policy Preferences - What are we missing

Posted on 2014-01-14
6
746 Views
Last Modified: 2014-01-14
We are currently only using 2003 DCs in one of our environments.  After introducing Server 2012R2 machines we noticed that Group Policy for IE was no longer applying.

We found the problem was that IE10 no longer would use the IEM settings in our GPO, and would only use GPP.  Of course with no 2k8 DCs, we have no GPP settings.


My question is: What other issues could we face by not having GPPs?  Is IE10 the first item to REQUIRE gpp to work properly?  We are working on making a case to management and I figured you all would be a great resource!
0
Comment
Question by:ServerNotFound
6 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 167 total points
ID: 39780047
Group policy preferences are not server specific. They are client specific. If your clients have IE10, then you are running windows 7+. If you are running Windows 7, you have preferences.

Setup a Windows 7/8/8.1 machine with RSAT. Use that to edit preferences.

http://deployhappiness.com/internet-explorer-maintenance-replacements/
0
 
LVL 40

Assisted Solution

by:Adam Brown
Adam Brown earned 167 total points
ID: 39780056
There were some Group Policy settings on 2003 that worked for IE10, but as you've seen those get superseded by Group Policy Preference settings. As far as I know, that's the only thing you'll really run into that does that. Jmoody's recommendation on using a windows 7/8 machine to inject GPP into your existing group policies is also a valid thing to remember.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39780097
Lots of other stuff is made much easier with GPP - mapping drives, setting printers etc to name but two
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 

Author Comment

by:ServerNotFound
ID: 39780212
Thank you all.  

Looking at using Admin Templates instead, but don't have the whole process yet.  

I was kinda hoping there would be other good reasons to make the move to GPP, but I think the one area we have (IE10) we likely won't get any traction.
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 166 total points
ID: 39780387
GPP can save you from lot of startup \ logon scripts
Your local client computer management such as admin rename, password change, file copying process, new  folder creation, registry modifications, group modifications, map drives, home drives, printers can be mapped with GPP.
Also you can use GPP for item level targeting such as you can filter policies OS wise such as XP, win7
Also you can create schedule tasks, service management.
Also all GPP tasks run under system account of local machine, so you need not to provide explicit permissions to users

http://blogs.technet.com/b/nmercer/archive/2007/11/19/group-policy-preferences.aspx

Mahesh
0
 
LVL 40

Expert Comment

by:Adam Brown
ID: 39780407
GPP will basically save you a lot of headaches, as mentioned. If you have a Server 2012 DC, there's no reason *not* to utilize them for what they do (mapping drives, setting power profiles, etc), as it is much easier than writing scripts that do the same thing.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question