Tips – Finding the right Group Policy setting


UPDATED – see below for info on the new Group Policy Search web app

Now Windows Internet Explorer 9 (IE9) is nearing the end of it’s beta process it won’t be long before SysAdmins will be deploying it out across their networks. Something that occurs with any new Microsoft software is the need to update Group Policy to control any new features and lock down as appropriate. I thought I’d share a few tips on how I find discover and configure these new settings.

It seems that with each new Administrative template (ADMX) there are an ever-increasing amount of settings that can be managed (Over 1500 for IE9 alone!). While great for security it can be a headache to navigate. Microsoft usually lists the group policy settings for each product on the TechNet site, like this page for IE9, but did you know there is also an MSDN website (hosted on Azure) called Group Policy Search. This is a godsend policy administrators because not only does it allow you to search the contents of all the Microsoft Windows & Office policies but it also gives you the info like what the policy is supported on and even the registry key that the policy changes. This is a great place to copy details if you need to report to a manager on what a certain setting can do.

Group Policy Search Cloud App
Group Policy Search Cloud App

 This site does work on smartphones but I can see this working really well as a reference app on a mobile device. UPDATE: I just found that somebody has made this into an app for Windows Phone 7/8. Find it in the web store or search on your phones marketplace for Group Policy Search. Now it’s up to another dev to make one for Android and iPhone!

If you use Windows 7/Server 2008 R2, or later, you can also download a Search Connector (from the site’s Settings menu). This lets you search the Group Policy Search website from Windows Explorer, giving you an excerpt of the description and link to the relevant webpage. UPDATE: Unfortunately, due to the change of host for the web app, the connector is broken. Luckily, it is easily fixed by editing the OSDX file. Download the GroupPolicySearch.osdx connector from the site and open with a text editor. Change line 5 to the code below, save and then double-click the file to install to your userprofile/Searches folder

<Url type="application/rss+xml" template="http://gpsearch.azurewebsites.net/gps/rss.ashx?search={searchTerms}"/>
Group Policy Search Connector
Group Policy Search Connector in Windows 7

Another task that becomes complicated is to find settings you have previously changed. I may open up the Group Policy Editor knowing I need to modify a previous setting change but it can be like finding a needle in a haystack digging through all the non-configured settings. You can find it via a report in the Group Policy Management console but did you know you can also filter policies in the editor? Go to the View menu and choose Filter Options. Here you can set up a number of criteria on what you want to see. I typically would change it to only show configured settings and also any policy with my initials in the comments. This makes it really easy to see the changes I have made and adjust them appropriately.

Group Policy Filtering
Group Policy Filtering

I hope that’s given you a bit of help in discovering and managing group policy settings. Let me know your tips in the comments.

UPDATE: I discovered this great page in the increasingly useful TechNet Wiki – Group Policy Survival Guide. It contains links to anything and everything to do with Group Policy

Advertisements

2 thoughts on “Tips – Finding the right Group Policy setting

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s