Performancing Metrics

GP Preferences Local Group extension - Group Policy Team Blog - Site Home - TechNet Blogs

GP Preferences Local Group extension

GP Preferences Local Group extension

  • Comments 2
  • Likes

Just had a question come through about 'Restricted Groups'. One of the original extensions to GP, increadibly powerful and helpful to admins who need to have better control over local group memberships. There are some scenarios that 'Restricted Groups' don't easily cover. This is one area where the new GP Preference extension Local Users and Groups can help.

The intent of the Restricted Groups Functionality is to publish an official member list for the target group. This is a good goal but there are many situations where there is some reason for people to add individuals to a local group that need to be there and may not be in the published member list. In this case the Restricted Group functionality will overwrite the local settings. Not a bad thing, not a good thing, just how it works...

The Group Policy Preference Local Users and Groups extension works differnetly. With this new extension, among many other features, you can merge the new members right into the target group without disrupting the existing membership. Sinple interface, intuitive and very easy to work with.

Take some time to explore the many new extensions provided in GP Preferneces there are some absolute gold mines in there.

To be clear there are some usage scenarios to be aware of.

  1. GP tools need to be run from Windows Server 2008 -OR- Windows Vista SP1 with RSAT
  2. GP Preferences Client Side Extensions need to be deployed to all of the target systems
    1. Client Side Extensions are supported on Windows Vista RTM, Windows Vista SP1, Windows XP SP2, Windows Server 2003 SP1
    2. The Cleint side Extensions are present on Windows Server 2008

 RSAT and the Client Side Extensions can be found on the download center, see other posts on this blog.

 Go Forth and Manage

 Kevin

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Hi,

    How are we supposed to deploy XmlLite for XP/2003 machines so the CSEs work, even though you can't apply them with WSUS 3.0 SP1?

    I have only found XMLLite in Microsoft Download Catalog under a Zune product category. Is there any way to get it into WSUS besides the Zune category? Even after importing it, it only shows up as "not applicable" for all machines.

    Why are CSEs deployable, but not the pre-requisite they need to work?

    Thank you.

  • I noticed that When I tried to use a Standard Environment Variable for %ProgramFiles% OR %<ProgramFiles>% as the destination path for a Files Preference Rule.. it actually pointed to C:\Windows\System32\...(my desired path)...    [using ProcessMon to see these details]

    If i used :   %ProgramFilesDir%  the Path would resolve correctly...