Microsoft generally adds a lot of new features in each successive release of Windows Server. With the upcoming release of Windows Server 2012, Microsoft seems to have pulled out all the stops. There are goodies in there for everyone, from the storage administrator to the desktop manager. Behind all of these enhancements are improved ways to manage existing features and to implement management techniques for the new features.
One of the primary ways that Microsoft has traditionally recommended that administrators use for deep control is Group Policy. As you might expect, Group Policy has undergone some enhancements in Windows Server 2012. I’m not going to cover actual GPOs in this article, but will cover some of the great enhancements that have been made to the Group Policy framework itself.
Group Policy is a great tool but testing it has sometimes been trying. Although Microsoft makes available the gpupdate tool, which forces a client to refresh its local and Active Directory-driven policies, there are still occasions when it can take more than an hour for a Group Policy change to become effective.
Enter a feature new to Windows Server 2012. From within the Group Policy Management Console, you can right-click an Active Directory container and, from the shortcut menu, choose Group Policy Update, as shown in Figure A. In Figure B, note that you will be told how many computers will be affected by the operation. If you’ve selected a container with no computer objects, you will be told so. Finally, in Figure C, note that you get a status update so that you know exactly how the update turned out. From a troubleshooting perspective, this is a nice touch!
Note that this refresh cycle is necessarily immediate. The refresh will happen within 10 minutes on each selected computer.
Choose to update group policy on client systems (click to enlarge)
Learn about the impact that the action will have on the environment
The results are in!
Have you ever been left wondering just where things stand with regard to Group Policy in your domain? Wonder no more! In the Group Policy Management Console, Microsoft has added a handy “Status” tab, which becomes visible when the domain object is selected in the console. In Figure D, see the kind of information that is visible on this tab. Note that I have just a single domain controller in my Windows 8 lab domain.
View domain status from within the console (click to enlarge)
This status detection method is far superior to ones used in the past, such as the now-deprecated gpotool. When you click Detect Now, the system opens communication with all domain controllers and compares the SYSVOL group policy file hashes, file counts, ACLs, and GPT versions against the baseline server. Further, the number of group policy objects and associated versions and ACLs are also checked against the baseline to ensure that the entire group policy environment is operating as expected.
Support for Windows 8
Most notably, Group Policy in Windows Server 2012 adds support for Windows 8. I will cover the individual new GPOs in a future article. For now, understand that there are a lot of new ways that you can manage your technology environment using Group Policy.
New Windows 8-based GPOs exist for your use (click to enlarge)
New troubleshooting options
Although there were methods in previous versions of Windows Server to view log-based group policy activity, in Windows Server 2012, Microsoft has exposed this information through the Group Policy Management Console’s GUI directly. Available from the integrated Group Policy Results report, shown in Figure F, the Group Policy log file, shown in Figure G, gives you a detailed look at every step taking place with regard to Group Policy.
In Figure F, note that there are three entries on the page with “View Log” results. Simply click the View Log link to open a page like the one in Figure G. Log entries are available from the Details page of a Group Policy Results report.
Group Policy Results (click to enlarge)
The log file view
The Group Policy administrative experience has sometimes been a frustrating one, but Microsoft is adding new functionality to this critical service to make it easier to implement in more environments.