Domain Level GPO's

Hello - I'm working on setting GPO for my Win 10 boxes, I'm farely new to Domain level GPO so bare with me as i try to explain.  What I'm having a hard time with is some controls that are available through local GP, are not available in Domain GP for example.
- Computer Config>Admin Templates>System>Credentials Delegation> "Remote host allows delegation of non-exportable credentials" to enabled. in quotations is what's missing from Domain GP
-Computer Config>Admin Templates>Windows Components>"Micorsoft Edge"  what in quotations is missing on domain GP
-Computer Config>Admin Templates>Windows Components>"Windows Game Recording & Broadcasting"  what in quotations is missing on domain GP

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Second part of question
How do i add registry keys to GP's
How do i create a GPO that will disable / enable certain services
How do i create a GPO for DEP
ManieyaK_CSSPAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ManieyaK_CSSPAuthor Commented:
Another one i just noticed that isn't avilable on domain level GP
Computer Config>Admin Templates>Windows Components>"Windows Defender Security Center"  what in quotations is missing on domain GP
0
Cliff GaliherCommented:
Group policies are, out of the box, empty.  An odd concept people have to get used to with GPOs is that they don't have any settings, so nothing can be "missing."

The GP Editor, however, reads template files and presents the GUI used to add policies to a GPO.  IF you edit the same policy on two different machines, and those machines have different template files, the GUI will look different on each machine being used to edit the GPO, but the GPO is exactly the same (isn't changed.)

One way Microsoft attempts to resolve this is to allow storage of template files in a "Central Store" on the domain sysvol share.  But the Central Store must still be maintained and have updated template files added to it every so often. And if the templates in the central store don't match the templates on the local machine, the GP Editor for a local GPO will still look different than the GUI for a domain GPO.  This is by design.

In short, you have to edit GPOs from a machine with the templates that you want (such as Microsoft Edge), or create and maintain a central store with those templates.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jeff GloverSr. Systems AdministratorCommented:
Did you add the Windows 10 ADMX files?  https://www.microsoft.com/en-us/download/details.aspx?id=56880

Without these, you will not see a lot of the settings in Windows 10.
  For registry keys and services, I would use Group Policy Preferences. DEP a little harder. Never worked with it in a GPO
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Group Policy management

From novice to tech pro — start learning today.