Friday, 12 December 2008

SBS 2008 - Group Policy Client-Side Extensions compatibility update for Vista, XP, and Win2K3 Server

There is a lot to learn about in the new Windows Server 2008 based features in SBS 2008. While at Tech Days, one of the sessions was on Group Policy and it was phenomenal.

One Group Policy feature we learned about was the Group Policy Client-Side Extensions (GP CSE):

Group Policy Client-Side Extensions

Notice the huge number of settings that are available to us.

GP Client-Side Extensions enable us to deliver settings updates such as changing the local admin password company wide, a software package, make registry settings changes, and more using a "suggestion" model. That is, the settings can be pushed to the client system once if the Apply once and do not reapply setting is checked in the above screenshot, or every time the system is booted up if that setting is not checked.

GP CSEs give us some flexibility in our Group Policy settings deployment structures in that it allows the user to utilize the GP settings, ignore them, or remove them altogether if the settings do not reapply on boot.

To make full use of GP CSEs, Windows desktop clients (with the exception of Vista SP 1 with the RSAT installed) as well as Windows Server 2003 systems need an update: Information about new Group Policy preferences in Windows Server 2008. There are links in the Knowledgebase article to the updates for each respective operating system.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

2 comments:

Bruce Berls said...

It took me a while to discover that the GP extensions were required for my workstations to report their security status to the SBS 2008 console. http://www.bruceb.com/news/2008_12_01_archive.html#947927497131679410

One more item for the migration checklist from SBS 2003 to SBS 2008!

Bruce Berls
bruceb consulting
www.bruceb.com/news

Philip E. said...

Bruce,

The update was delivered to all Windows desktop OSs via WSUS in October.

We are still having some issues with them reporting their security status though.

Philip