Windows Server 2012 - What’s New for Group Policy? (Part 3)

by [Published on 23 July 2013 / Last Updated on 23 July 2013]

This article concludes the discussion of how group policy has changed in Windows Server 2012 by examining some of the new group policy settings.

If you would like to read the other parts in this article series please go to:

Introduction

So far in this article series, I have been discussing the various new capabilities found in Windows Server 2012’s Group Policy Object Editor console. Although these features are nice, they are not the only thing that is new with group policy. Microsoft has created 169 new group policy settings that apply to Windows Server 2012 and / or Windows 8. That’s not even counting all of the new Internet Explorer 10 policies. Although space limitations prevent me from discussing all 169 policy settings in granular detail, I do want to wrap up this article series by discussing some of the more useful new settings.

Windows Store

One of the big new features in Windows 8 is the app store. Although the app store no doubt has its place, it probably isn’t something that you want users accessing from corporate desktops. Fortunately, there is an easy way to disable the app store by using group policy settings.

To do so, open the Group Policy Editor and navigate to Computer Configuration | Policies | Administrative Templates | Windows Components | Store. The name of the group policy setting that you will use is Turn Off the Store Application. To disable the Windows App Store, simply enable this policy setting.

After you disable the store, the store’s tile will still appear on the Windows 8 start screen. However, when a user attempts to access the store they will see a message stating “Windows Store isn’t available on this PC. Contact your system administrator for more information.”

It is also worth noting that disabling the store also disables updates for any apps that were previously acquired through the store.

Disabling Toast Notifications

One of the more annoying Windows 8 features is something called toast notifications. A toast notification is a message that appears in the upper right corner of the screen. Toast notifications were designed as a way of allowing a background application to communicate its status. For example, suppose that you were to launch a process that converts a video file from one format to another. Since the process is likely to be time consuming, you push the conversion app to the background and work on something else. While doing so, a toast notification could be used to let you know that the video conversion has completed.

The problem with toast notifications is that they are baked into applications. Toast notifications are handy when they are properly used, but they can be abused. For example, I have seen applications that use toast notifications to display advertising even while the app is in the background.

You can use group policy settings to disable toast notifications.  To do so, open the Group Policy Editor and navigate to User Configuration | Administrative Templates | Start Menu and Taskbar | Notifications. Now, enable the Turn Off Toast Notifications on the Lock Screen setting.

Preventing Application Removal

One of the things that Microsoft did when they created Windows 8 was to try to make it easy for users to remove unwanted apps. In fact, a user needs only to right click on an app’s tile and then tap Uninstall. This functionality might be fine for a consumer oriented environment, but you probably don’t want users removing applications from a corporate desktop.

If you would like to prevent users from removing the apps that have been provisioned to their Windows 8 desktops, you can do so by opening the Group Policy Editor and navigating to User Configuration | Administrative Templates | Start Menu and Taskbar. The name of the group policy setting that you must enable is Prevent Users From Uninstalling Applications From Start.

Disabling Lock Screen Notifications

As you no doubt know, Microsoft designed Windows 8 to run on both tablets and PCs. As such, some features tend to be better suited for tablet use than PC use. One example of such a feature is lock screen notifications.

Windows 8 is designed to display a series of notifications on the lock screen. For example, the lock screen can display icons telling you how many new messages you have received and can also display details of your next upcoming appointment. This functionality can be very useful on a tablet device, but it can compromise a user’s privacy when the feature is used on a corporate desktop. As such, you may wish to consider using group policy settings to disable lock screen notifications.

To disable application notifications, open the Group Policy Editor and then navigate through the console tree to: Computer Configuration | Administrative Templates | System | Logon. The name of the group policy setting that you must enable is Turn Off App Notifications on the Lock Screen.

Disabling Tile Notifications

The Windows 8 Start screen is made up of live tiles that can display application specific information directly on the tile. When a user logs out, Windows retains the most recent data that was displayed on the tile so that it can be displayed again when the user logs back in. Although these cached notifications have their place, they can also lead to confusion. After all, who wants to log in on Monday morning and see last Friday’s weather and stock report?

You can disable the caching of tile notifications by navigating through the Group Policy Editor to User Configuration | Administrative Templates | Start Menu and Taskbar. Upon doing so, you can disable cached notifications by enabling the setting named Clear History of Tile Notifications on Exit.

Default Library Locations

As you are no doubt aware, Windows includes a set of default libraries for each user (Documents, Music, Videos, etc.) It is also possible to add additional folders to the default libraries. However, Windows 8 and Windows Server 2012 build on this concept by making it possible to standardize non default document libraries.

To see how this works, suppose for a moment that your organization had a standard PowerPoint template that was to be used for presentations. It would probably be a good idea to make that template easily available to everyone. One easy way to accomplish this is to add a library that points to a central template location.

The group policy setting that is used in doing so is called Location Where All Default Library Definition Files for Users / Machines Reside. You can find this policy setting in the Group Policy Editor under either the User or the Computer container. The policy setting’s location is Administrative Templates | Windows Components | Windows Explorer.

To use this policy setting, you must simply enable it and then provide a path to a default library definition location. Anything that you place in this path will be made accessible to all of the users or computers to which the group policy setting applies. Therefore, if you were to drop the standard PowerPoint template into a folder within the designated location, the folder and the template would automatically appear within everyone’s library.

Conclusion

As you can see, Microsoft has really put a lot of work into modernizing group policies in Windows Server 2012. Much of this work is related to the new Group Policy Editor console, but there are some very useful new group policy settings as well.

If you would like to be notified when Brien Posey releases the next part of this article series please sign up to the WindowsNetworking.com Real time article update newsletter.

If you would like to read the other parts in this article series please go to:

Advertisement

Featured Links