Group Policy: Understanding Group Policy Preferences

Understanding Group Policy Preferences

Windows Server 2008 introduced Group Policy preferences, which are stored in Group Policy Objects (GPOs) but behave differently from policy settings in several key ways, including the following:

  • Preferences can be overridden by users, unlike policy settings, which are strictly set by Group Policy and may not be modified.
  • Policy settings are refreshed regularly – every 90 minutes by default. Preferences can either be refreshed on the same schedule or written only once. The latter option allows a preference setting to be modified by a user without reverting on the next refresh cycle.
  • If a preference setting is removed from a GPO, the setting persists on the GPO’s targets (the users and/or computers to which the GPO applies). Policy settings, on the other hand, are removed from targets when they are removed from GPOs.
  • Preferences may not be configured in a user’s or computer’s local GPO.
  • Preferences require no Group Policy support from applications. Settings are written to the same registry locations that applications and the OS itself write to, whereas policy settings are written to the Policy branches of the registry.
  • Preferences offer item-level targeting, which allows individual preference settings in a GPO to be applied to specific users or computers based on a wide variety of criteria.
  • Original registry settings on the client are overwritten and removing the preference does not restore the original setting. In other words, a preference actually modifies the corresponding configuration setting in the user interface on the client. Because of this difference, policies can be effective only for features of Windows operating systems and applications that are Group Policy–aware, while preferences can be effective for any features of Windows operating systems and applications as long as the appropriate preference extension is loaded.
  • Policies can be configured in both domain and local GPOs; preferences can be configured only in domain GPOs.
  • A preference can be applied only once if desired; policies are always periodically refreshed.

Settings that can be configured via Group Policy preferences include the following:

  • Scheduled Tasks: Create, modify, or delete scheduled tasks.
  • Environment Variables: Define environment variables for users and computers.
  • Registry: Manage registry settings on a per-user or per-computer basis.
  • Mapped Drives: Configure mapped drives to shares on the network.
  • Local Users and Groups: Create, modify, or delete local user accounts and security groups.
  • Printers: Create, modify, or delete local or network printer objects, or share local printers to the network.
  • Files and Folders: Distribute files and folders from a specified source to many machines on the network, or clean up existing files and folders on those machines.
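
An added example (not from the original post): a PowerShell audit of Registry preference items that reports, for each item, whether it writes to a policy branch of the registry, whether it uses item-level targeting, and whether it is set to apply once. It assumes the Registry.xml layout in which a domain GPO stores Registry preference items; the function name Get-GppRegistryItem and every value in the sample are constructed for illustration.

```powershell
# Constructed sample in the Registry.xml layout of Registry preference items
# (clsid/uid attributes omitted; keys, group name and SID are placeholders).
$sample = [xml]@'
<RegistrySettings>
  <Registry name="AppSetting">
    <Properties action="U" hive="HKEY_LOCAL_MACHINE" key="SOFTWARE\ExampleVendor\App" name="AppSetting" type="REG_DWORD" value="00000001"/>
    <Filters>
      <FilterGroup bool="AND" not="0" name="EXAMPLE\Kiosk-PCs" sid="S-1-5-21-0-0-0-1111"/>
    </Filters>
  </Registry>
  <Registry name="FirstRunDone">
    <Properties action="C" hive="HKEY_CURRENT_USER" key="Software\ExampleVendor\App" name="FirstRunDone" type="REG_SZ" value="1"/>
    <Filters>
      <FilterRunOnce hidden="1" not="0" bool="AND" id="{00000000-0000-0000-0000-000000000000}"/>
    </Filters>
  </Registry>
  <Registry name="Managed">
    <Properties action="R" hive="HKEY_LOCAL_MACHINE" key="SOFTWARE\Policies\ExampleVendor\App" name="Managed" type="REG_DWORD" value="00000001"/>
  </Registry>
</RegistrySettings>
'@

function Get-GppRegistryItem {
    param([Parameter(Mandatory)][xml]$Xml)
    # Registry branches reserved for policy settings (same subpaths under HKLM and HKCU).
    $policyBranch = '^SOFTWARE\\(Policies|Microsoft\\Windows\\CurrentVersion\\Policies)(\\|$)'
    $actions = @{ C = 'Create'; R = 'Replace'; U = 'Update'; D = 'Delete' }
    foreach ($item in $Xml.SelectNodes('//Registry')) {
        $p = $item.SelectSingleNode('Properties')
        if (-not $p) { continue }   # skip malformed items with no Properties element
        $key = $p.GetAttribute('key')
        [pscustomobject]@{
            Item           = $item.GetAttribute('name')
            Action         = $actions[$p.GetAttribute('action')]
            Key            = '{0}\{1}' -f $p.GetAttribute('hive'), $key
            InPolicyBranch = $key -match $policyBranch
            # Item-level targeting: any filter other than the apply-once marker.
            Targeted       = $item.SelectNodes('Filters/*[not(self::FilterRunOnce)]').Count -gt 0
            ApplyOnce      = [bool]($item.SelectSingleNode('Filters/FilterRunOnce'))
        }
    }
}

Get-GppRegistryItem -Xml $sample | Format-Table -AutoSize
```

To run it against a real GPO, replace `$sample` with `[xml](Get-Content -Raw <path to Registry.xml>)`.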

In the editor, under the Computer Configuration and User Configuration headings, you will find folders labeled Policies and Preferences. As you would expect, policy settings are located in the Policies folder, and preferences are located in the Preferences folder. The complete list of Group Policy preference categories as they appear in the console in Windows Server 2008 R2 is shown below:

[Image: GPO-preferences]
