With the recent release of Windows 8, I have started getting lots of questions about “What’s New”. For IT Admins, one of the questions revolves around command and control of the Windows 8 devices that thy will be placing on their networks. Group Policy is the primary means by which we effect control over client machines and this is no different with Windows 8.
I spent some time rounding up some resources for managing Windows 8 clients as well as using Windows 8 as an administrative workstation. Links and descriptions below -
This article starts with a table of New and Changed Functionality. Of particular importance is the information on Local Group Policy for Windows RT machines as you will start seeing these come into your networks now. There are also new Group Policy Settings and Group Policy Preferences for Internet Explorer 10 that everyone should be aware of.
Next up, I recommend everyone take a look at the Group Policy Overview for Windows Server 2012 and Windows 8. This is a great all up overview of Group Policy. You should bookmark this page as there are some pieces that have not been completed and posted yet. You should re-visit this page weekly to check for updates.
This set of spreadsheets is a huge time saver when looking for Group Policy items. There are literally thousands of Group Policy settings that can be applied to machines and users and these spreadsheets help make sense of it all. This link provides downloads for the reference sheets for Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista, Windows 7, and of course, Windows 8.
One particularly exciting (and long overdue!) piece of functionality is the new Group Policy Update feature. This feature gives IT Admins the ability to forcibly refresh Group Policy on a client machine. A usage scenario would be making a firewall change to clients that needs to be implemented immediately to mitigate a threat. Group Policy Update now gives admins the ability to effect these changes rapidly to ensure policy meets internal standards as soon as possible. This excellent article by Alan Burchill explains in great detail how to implement this new feature.
Best practices dictate that we don’t sit logged into our server directly. Besides, most of our servers are virtualized these days so it is actually not always possible to sit directly at a server any longer. The Remote Server Administration Tools (RSAT) install to a Windows client machine and provide the necessary consoles and functionality to do administrative tasks. Everything from Active Directory Users and Computers to Server Manager can be used with these tools. Now refreshed to support Windows 8 clients.
Computer security is a game of leap frog – the bad guys find flaw and exploit it, the good guys identify the flaw and patch it. This cycle is never ending and should always be at the forefront of any IT Admins daily activities. With the release of a new Windows Server and a new Windows Client, I felt it prudent to remind everyone that there are new tools for admins and there will inevitably be new exploits. This security guide is a reminder of best practices and may even bring to light some things you can add to your arsenal in the constant battle with the bad guys.