Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Group Policy Preferences - What are we missing

Posted on 2014-01-14
6
Medium Priority
?
772 Views
Last Modified: 2014-01-14
We are currently only using 2003 DCs in one of our environments.  After introducing Server 2012R2 machines we noticed that Group Policy for IE was no longer applying.

We found the problem was that IE10 no longer would use the IEM settings in our GPO, and would only use GPP.  Of course with no 2k8 DCs, we have no GPP settings.


My question is: What other issues could we face by not having GPPs?  Is IE10 the first item to REQUIRE gpp to work properly?  We are working on making a case to management and I figured you all would be a great resource!
0
Comment
Question by:ServerNotFound
6 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 668 total points
ID: 39780047
Group policy preferences are not server specific. They are client specific. If your clients have IE10, then you are running windows 7+. If you are running Windows 7, you have preferences.

Setup a Windows 7/8/8.1 machine with RSAT. Use that to edit preferences.

http://deployhappiness.com/internet-explorer-maintenance-replacements/
0
 
LVL 44

Assisted Solution

by:Adam Brown
Adam Brown earned 668 total points
ID: 39780056
There were some Group Policy settings on 2003 that worked for IE10, but as you've seen those get superseded by Group Policy Preference settings. As far as I know, that's the only thing you'll really run into that does that. Jmoody's recommendation on using a windows 7/8 machine to inject GPP into your existing group policies is also a valid thing to remember.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39780097
Lots of other stuff is made much easier with GPP - mapping drives, setting printers etc to name but two
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:ServerNotFound
ID: 39780212
Thank you all.  

Looking at using Admin Templates instead, but don't have the whole process yet.  

I was kinda hoping there would be other good reasons to make the move to GPP, but I think the one area we have (IE10) we likely won't get any traction.
0
 
LVL 39

Assisted Solution

by:Mahesh
Mahesh earned 664 total points
ID: 39780387
GPP can save you from lot of startup \ logon scripts
Your local client computer management such as admin rename, password change, file copying process, new  folder creation, registry modifications, group modifications, map drives, home drives, printers can be mapped with GPP.
Also you can use GPP for item level targeting such as you can filter policies OS wise such as XP, win7
Also you can create schedule tasks, service management.
Also all GPP tasks run under system account of local machine, so you need not to provide explicit permissions to users

http://blogs.technet.com/b/nmercer/archive/2007/11/19/group-policy-preferences.aspx

Mahesh
0
 
LVL 44

Expert Comment

by:Adam Brown
ID: 39780407
GPP will basically save you a lot of headaches, as mentioned. If you have a Server 2012 DC, there's no reason *not* to utilize them for what they do (mapping drives, setting power profiles, etc), as it is much easier than writing scripts that do the same thing.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question