Domain Level GPO's

ManieyaK_ used Ask the Experts™
Hello - I'm working on setting GPO for my Win 10 boxes, I'm farely new to Domain level GPO so bare with me as i try to explain.  What I'm having a hard time with is some controls that are available through local GP, are not available in Domain GP for example.
- Computer Config>Admin Templates>System>Credentials Delegation> "Remote host allows delegation of non-exportable credentials" to enabled. in quotations is what's missing from Domain GP
-Computer Config>Admin Templates>Windows Components>"Micorsoft Edge"  what in quotations is missing on domain GP
-Computer Config>Admin Templates>Windows Components>"Windows Game Recording & Broadcasting"  what in quotations is missing on domain GP

Second part of question
How do i add registry keys to GP's
How do i create a GPO that will disable / enable certain services
How do i create a GPO for DEP
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®


Another one i just noticed that isn't avilable on domain level GP
Computer Config>Admin Templates>Windows Components>"Windows Defender Security Center"  what in quotations is missing on domain GP
Distinguished Expert 2018
Group policies are, out of the box, empty.  An odd concept people have to get used to with GPOs is that they don't have any settings, so nothing can be "missing."

The GP Editor, however, reads template files and presents the GUI used to add policies to a GPO.  IF you edit the same policy on two different machines, and those machines have different template files, the GUI will look different on each machine being used to edit the GPO, but the GPO is exactly the same (isn't changed.)

One way Microsoft attempts to resolve this is to allow storage of template files in a "Central Store" on the domain sysvol share.  But the Central Store must still be maintained and have updated template files added to it every so often. And if the templates in the central store don't match the templates on the local machine, the GP Editor for a local GPO will still look different than the GUI for a domain GPO.  This is by design.

In short, you have to edit GPOs from a machine with the templates that you want (such as Microsoft Edge), or create and maintain a central store with those templates.
Jeff GloverSr. Systems Administrator

Did you add the Windows 10 ADMX files?

Without these, you will not see a lot of the settings in Windows 10.
  For registry keys and services, I would use Group Policy Preferences. DEP a little harder. Never worked with it in a GPO

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial