Group Policy Preferences : Colorful and Mysteriously Powerful, just like Windows 7

  • Article

How could something like CRUD be desirable? In Group Policy world, even the impossible becomes possible. In this entry, you’ll discover why Red does not mean Error and what the different colors mean when you make a Preference item. Read on!

Let’s talk about some of the intricacies of Preferences, specifically what we fondly refer to as CRUD options. Now, keep in mind, CRUD only applies to “stuff”, meaning things you can create and delete on the client, like mapped drives and shortcuts and printers. There are no CRUD options for things you just make changes to but don’t create, like “folder options”. More on this at the end.

Despite it’s unfortunate acronym, CRUD is very useful. It is also the reason those little spots of color get associated with you new Preference items. Select one of the four actions from the drop down menu to choose between Create, Replace, Update, and Delete. That decides how your Preference item will be pushed onto the client. Let’s take drive mappings as an example.

image

This is the Preference item

(in UI)                                                                                             (in XML)

image image

Now, under the “Action” drop down, you have four options :  Create, Replace, Update, Delete

Create – If a drive mapping doesn’t exist for this user for the share “\shareuserDocuments”,  then create one. If there already is one, don’t do anything! It’s a kind, gentle sort of policy, it won’t overwrite anything you already have, so it has a Green icon associated in the UI.image

Replace – Remove whatever drive mapping exists for this share, and create a new one with these settings. If there isn’t one, just create it. No matter what, you’re getting this drive mapping, whether something existed there or not. It’s very insistent, like the bully of the CRUD options, so it gets a Red icon. 

Update – Yellow – If that drive mapping exists, it will be updated with the settings specified here. If there are other settings associated with the drive mapping that aren’t specified here, they will be maintained. If no drive mapping exists for this share, create it. Nothing gets blasted away like with the Replace setting, but there is still a chance that you’ll overwrite something, so it gets a Yellow icon (warning! make sure you know what you’re going to be over-writing!).

Delete – X mark – If that drive mapping exists, it will be removed. That’s it, it’s just removed, so it gets an ‘x’ icon. It does not roll back, it gets deleted.

What did we learn? Red does not mean error! X marks the (delete) spot. Another picky note is that if you choose the “remove when no longer applicable” option under the common tab, it’ll force the CRUD action to Replace.

So, really, I’d recommend reading the help associated with each Preference item to make sure you know what you’re doing. 

Hope that helps!

liliaG aka @superlilia

P.S. The end! Here’s more on my stuff vs. state discussion. Stuff means something that can be created or deleted on the client machine / user account. Think of at is as something you can see appear. It has a new icon that becomes associated with it: when you add a new printer, an icon appears that looks like that printer in your Devices window. When you add a shortcut to the desktop, that shortcut appears. Similarly, when you remove a local security group, it is gone, the icon is removed, the group no longer exists. That doesn’t mean that not all local security groups are gone, just that instance of one. 

State is a state of being, like folder options. You can’t “create” a folder options, but you can make changes like “Show all hidden files”.

GP Preferences has both of these types of things, but CRUD only applies to the stuff bits. You can’t configure CRUD for state, and the UI isn’t there to let you try.

P.P.S. Here’s the help in the product:

image