Microsoft announced Wednesday that Release Candidate 1 (RC1) of Windows Server 2008 has been released to the public. This near-final test build of the server release incorporates a couple of new features and what is sure to be deemed an "enhancement" to the community. In this piece, I'll take a look at the new capabilities in Group Policy, and an update to Windows Genuine Advantage, that were introduced with RC1.
An introduction to Group Policy Preferences
Windows Server 2008 RC1 incorporates a feature called Group Policy Preferences, essentially the old PolicyMaker Standard Edition and Policy Share Manager in new form. Preferences is now part of the Group Policy Management Console.
In a nutshell, preferences allow you to "suggest" an initial configuration to your users while still giving them the ability to change them. Let's delve a little deeper into this.
You are probably familiar with Group Policy, the standard way to achieve a consistent configuration using out-of-the-box tools in a Windows domain environment. With Group Policy, an administrator can determine and set up his or her mandatory environment, configure it appropriately for the organization's needs, and then leave it up to Windows to strictly enforce those settings.
Group Policy generally overrides any user-provided settings in the event of a conflict, and it typically disables any user interface functions that could be used to change those settings. And while one can limit or otherwise affect the scope of a group policy object (GPO), Group Policy essentially can touch every machine that is a member of any given Windows domain. Machines and settings controlled by Group Policy are termed "managed" machines and settings.
In contrast, Group Policy Preferences (GPP) take a bit of a lighter approach. While GPPs still are set up by an administrator and filter down to managed clients, Group Policy writes preferences to the same places in the Registry where applications store their data about that specific setting. This lets GP address settings and switches in applications that don't by default know about Group Policy. So now applications you previously couldn't address in a managed way can be touched through GP, which is a welcome feature.
In addition, there isn't a restriction on the software's user interface, so if the administrator-defined preferences don't meet a user's working style or in some other way aren't what a user wishes, he or she is free to change GPP settings. You can also define the schedule at which Group Policy refreshes preference information. It can either be done at the same interval that GP refreshes policy -- the mandatory settings -- or you can set it once and then prohibit Windows from refreshing that preference again.
GPP is also "light-touch." You can create GPOs that contain preference information right out of the box. On the client, you'll need to install via a separate download a client-side extension (CSE); this will need to be deployed to any computer that is a target of your preference settings. The CSE will support Windows XP Service Pack 2 and later, Windows Vista and Windows Server 2003 with Service Pack 1 and later. If you install Windows Server 2008, you already get the CSE.
Windows Genuine Advantage changes
Also different in Windows Server 2008 RC1, and Windows Vista Service Pack 1 for that matter, is the behavior of Windows when its activation threshold is exceeded and the machine goes "out of tolerance," in Microsoft parlance. Previously, if Windows detected that you were not running with genuine software, it would go into what Microsoft called a "reduced functionality mode" that grayed out the desktop, removed access to most applications and allowed you to copy but not open personal files. The system would remain in this state until the "genuine" state of the product was restored.
Microsoft is now backing down from that stance and is doing away with the reduced functionality mode. Instead, if a system is deemed by Microsoft's utility to be not genuine, it will pester and nag the currently logged on user about that state, but Windows Server will not otherwise inhibit the user from accessing programs or files.