- Group Policy Preferences Overview (DOCX Document)
- Microsoft Downloads: Search for Group Policy Preferences (Search Results)
SBS 2008 Group Policy Preferences
With the exception of any Windows Vista SP1 workstations that have the RSAT (download site) installed, all workstations and servers will need to be updated to accept the GP Preference settings pushed out to them.
For those using WSUS, the update should have come and gone a while back: Microsoft Knowledgebase KB943729: Information about new Group Policy preferences in Windows Server 2008. If not using WSUS, then a file for each OS and architecture (x86 or x64) will need to be applied. The above search results link contains links to each file needed as does the KB article.
Group Policy Preferences are just that: Preferences. They enable us to provide the user with a set of allowed configurations on their desktops that they can choose. If they don't like something in one of the GP Preferences, they can disable it, change the setting to something they prefer, or just ignore it altogether.
They also give us the ability to fine tune a user's experience as well as connected network resources without the use of complicated logon scripts. We can create and link a GPO to an OU or Security Group to limit the scope of the preferences.
Or, we can use GP Preferences to set up and push a local admin account (using a limited domain account created in ADUC) on all Windows Vista and XP Pro workstations that we can change the password for in a snap after say a run of software updates. Thus, once the password has been changed, it is possible to have a little more control over what is happening on the SBS network.
This feature is one big plus to migrating existing SBS 2003 domains to SBS 2008.
Microsoft Small Business Specialists
*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.