To come straight to the point, there are not many new Group Policy features in Windows 7 and Windows Server 2008 R2. The important enhancements were introduced with Windows Vista and Windows Server 2008: Group Policy ADMX and ADML templates, Group Policy central store, Network Location Awareness, Group Policy Preferences, Group Policy Starter objects and Group Policy event logging. Some of these are absolute killer features, and should have been a good reason for many organizations to embrace Vista. Of course, Windows 7 will also come with these improvements. There are also new features in Windows 7, and as an admin you should learn about these changes even though they are not breathtaking.

It is interesting to note that Microsoft lists some of the above mentioned features as new in Windows 7. Somehow, they are expressing this way that Windows 7 is basically Windows Vista which is one of the main reasons why Windows 7 is a great operating system. But let’s see what is really new in Windows 7 Group Policy.

Windows PowerShell Cmdlets for Group Policy

I think, the new PowerShell Group Policy cmdlets are the most important enhancement in Windows 7 and Windows Server 2008 R2. You could already manage Group Policy before Windows 7 with PowerShell. A more convenient option are the free cmdlets from SDM Software. You should also check out their Group Policy Automation Engine, which supports scripting of many more policy areas.

(more…)

In my last article I gave an overview of AppLocker. In this post I will give you some tips on how to test AppLocker.

You can try AppLocker in a Windows domain environment using Group Policy or you can test it with the Local Security Policy snap-in. If you want to work with Group Policy, then you should install the Remote Server Administration Tools (RSAT) for Windows 7 first and then add the Group Policy Management Tools through the Windows Feature applet. This allows you to define Publisher Rules with the Group Policy Editor under Windows 7. You can also configure Publisher Rules on a Windows Sever 2008 R2 domain controller. But to do this you need a reference file of the application that might be unavailable on the domain controller.

(more…)

AppLocker is a new feature of Windows 7 that allows you to restrict program execution via Group Policy. It is comparable to—but better than—the Software Restriction Policies of former Windows versions, which are still supported in Windows 7 and Windows Server 2008 R2. Software Restriction Policies are not very popular among admins, because configuring them is time-consuming although it can easily be circumvented. AppLocker promises to address both downsides to Software Restriction Policies. In this article, I will give an overview of the capabilities, and in my next post, I will explain how to use AppLocker.

AppLocker supports three types of rules: Path Rules, File Hash Rules, and Publisher Rules. Path Rules and Hash Rules are already available as part of the Software Restriction Policies.

(more…)

Submitted by Inba

GPOExIm is a simple tool used to tailor the existing settings in GPOs and Backed up GPOs in your domain. Administrators can Export, Import, Cut, Copy, Paste and Remove any GPO settings (like scripts, software installation etc.) between GPOs and Backed up GPOs. You can also view and save a particular GPO settings report after filtering some settings.

Features:

Export/Import – Users can Export/Import a particular setting(scripts,software installation etc) from a GPO to a Backed up GPO and vice versa.

(more…)

Rate this tool: (10 votes, average: 4.20 out of 5)

 Loading ...

Submit favorite free admin tool | Free admin tools index | Browse free admin tools

Submitted by Dan Wilson

Handy tool that allows you to initiate remote Wake on LAN (WOL), update of Group Policy Objects (gpupdate), shutdown/restart right from Active Directory Users and Computers .

Update by Michael

SpecOps Gpupdate 2.0 is only available for a few days. I had a quick look at this nifty tool today. I have to agree with Dan – it is indeed a handy tool. Gpupdate can be launched in Active Directory Users and Computers (ADUC) by right-clicking on a single computer or organizational unit. In the latter case, the operation will be applied to all computers in this container.

(more…)

Rate this tool: (10 votes, average: 4.10 out of 5)

 Loading ...

Submit favorite free admin tool | Free admin tools index | Browse free admin tools

Submitted by Darren Mar-Elia – Blog: The GPOGuy Group Policy Blog

SDM Group Policy Refresh Cmdlet is the PowerShell version of my Group Policy remote refresh utility. The PowerShell version has many of its options, but leverages PowerShell to trigger remote Group Policy refreshes on systems on your network. It allows you to send options like /force and /sync and also lets you provide alternate credentials when connecting to the remote system. And because it is based on PowerShell you can easily pass a list of computer names through an import of a CSV file.

GP Refresh PowerShell Cmdlet

Rate this tool: (1 votes, average: 3.00 out of 5)

 Loading ...

Submit favorite free admin tool | Free admin tools index | Browse free admin tools

Microsoft published a new guide about the security settings in Windows Server 2008. This Technet article gives an overview and the guide itself can be downloaded here. What makes this guide so useful is not only the 214 page security guide (plus a 76 page appendix about security related Group Policy settings). Most interesting are the Excel files that come with the guide.

(more…)

Submitted by Darren Mar-Elia – Blog: The GPOGuy Group Policy Blog

The GPMC PowerShell cmdlets are a set of free cmdlets that wrap the functionality of Microsoft’s Group Policy Management Console (GPMC). The cmdlets provides functionality to PowerShell such as creating and deleting GPOs, linking and unlinking GPOs and modifying GPO permissions, to name just a few.

GPMC PowerShell Cmdlets

Rate this tool: (2 votes, average: 4.00 out of 5)

 Loading ...

Submit favorite free admin tool | Free admin tools index | Browse free admin tools

Group Policy and PowerShell are both very powerful tools to automate IT management tasks. Specops Command combines both technologies giving you an even more powerful scripting solution.

(more…)

Rate this tool: (9 votes, average: 4.11 out of 5)

 Loading ...

Submit favorite free admin tool | Free admin tools index | Browse free admin tools

I have been reviewing ADMX Migrator some time ago. This free Microsoft tool isn’t just useful to migrate your ADM files to ADMX templates. In my view, its biggest value is that you can create and edit Group Policy templates with a GUI tool without having to deal with XML. That is you won’t have to see one single angle bracket. There are no revolutionary new features in the version 1.2. But I would recommend getting it anyway since it also fixes some bugs.

(more…)

Microsoft offers new Group Policy templates for Vista. You probably know that in Vista the Administrative template files (ADM) were replaced with the XML-based ADMX format. Please, check out this article for more information about ADM and ADMX. I compared the new templates with the ones which come with Vista.

(more…)

Microsoft released some new reference guides: Group Policy ADMX Syntax Reference Guide, Windows PowerShell Quick Reference, Windows PowerShell Graphical Help File, VBScript Quick Reference. What I find interesting is that that Microsoft released these guides on the same day. Perhaps, this is just a mere coincidence. But maybe someone at Microsoft wants to remind us that there are quite a few technologies available to automate Windows management.

(more…)

Password polices are an essential part of any security strategy. Most users tend to use too weak passwords because they are easier to memorize, thereby, endangering your whole network. In a Windows 2000/2003 domain you can only enforce one password and lockout policy for all users. Windows Server 2008 enables you now to use multiple password policies. In my view, this is a very interesting new feature.

(more…)

Fullarmor ADMX Migrator is a free must-have Group Policy tool which allows you to create ADMX templates easily with a graphical user interface (GUI). You can also use it to convert your ADM files into the ADMX format. Under Windows Vista, the XML-based ADMX format replaces the ADM format that you have known from Windows XP/2003. Please, check out my posts about ADMX and ADM for more information.

(more…)

The February issue of WindowsITPro has an interesting article about Group Policy annoyances (subscribers only). I think the most common problem is Group Policy settings not taking effect immediately. You change a setting and reboot the machine, but the change doesn’t seem to show immediately.

(more…)