More Powerful Group Policy in Windows Vista
Friday, January 5th, 2007
Windows Vista delivers a substantial update to the Group Policy infrastructure. Yet as organizations around the world deploy Windows Vista, many administrators probably won’t notice much of a difference in how they work because the numerous changes in Group Policy functions all take place under the hood. What administrators will find, however, is that Windows Vista Group Policy is much more powerful than it was in previous versions.
Prior to Windows Vista, Group Policy processing occurred within a process called winlogon. Winlogon had a lot of responsibility, which included getting people logged on to their desktops, as well as servicing the various Group Policy chores. Group Policy is now its own Windows® service. What’s more, it’s hardened, which means that it cannot be stopped, nor can an administrator take ownership of the service’s permissions in order to turn it off. These changes enhance the overall reliability of the Group Policy engine.
This is just for starters. Let’s take a more in-depth look at some of the major changes that have been made to the new Group Policy.
Improved Network Awareness
Before Windows Vista, the Group Policy engine would try to figure out if you were coming in over a slow link or a fast link. It would then use this knowledge to help craft which policy settings it would apply. Over a slow link, Group Policy wouldn’t send the entirety of policy settings to your system, as this could take quite a bit of time to download. This assistance hasn’t been removed from the new Group Policy. However, what has changed is how current network bandwidth is calculated.
Previously, this speed determination was done by sending Internet Control Message Protocol (ICMP) ping packets to Domain Controllers. This approach had many problems in real-world use. First, many administrators turn off ICMP on their routers. Second, if the connection was over high-latency links (like satellite), the calculations were unreliable. In these situations, the Group Policy engine had no guaranteed way to determine if the link was truly fast or not.
Additionally, the Group Policy engine had no idea if the machine was being restored from hibernation or standby mode. Nor did the Group Policy engine know if you suddenly dialed in after being off the network for six months. Using a machine that runs Windows XP or Windows 2000, a user could dial in, check e-mail, and disconnect—all without getting a Group Policy refresh. Most administrators would want to perform a Group Policy refresh, if needed, on a system being restored from hibernation or standby or a machine dialing in after a long absence.
The updated Windows Vista Group Policy is smart enough to know about network connectivity in real time. The main change is that the Group Policy engine now uses the Network Location Awareness 2.0 (NLA) handler in Windows Vista. The NLA service simply alerts the Group Policy engine whenever a Domain Controller is available. When one is, a Group Policy refresh is performed if needed.

Windows Vista: More Powerful Group Policy in Windows Vista — TechNet Magazine, November 2006