Group Policy Editor: 6 Ways to Make it Wayyy More Powerful

For nearly two decades, the Group Policy Editor has been a valuable management tool to enforce configuration settings. Combined with Group Policy Preferences, administrators have been able to manage more than 10,000 settings. Group Policy Editor has become the “go-to” tool to ensure users receive an excellent desktop experience.

However, while Group Policy Editor may be a “go-to” tool, it isn’t an “everything” tool. Sure you can manage Microsoft web browsers but what about Firefox and Chrome? What’s the use in being able to manage 10,000 settings if your computers aren’t domain joined? What about those challenging aspects of Windows 10 for Group Policy Editor comes up a little short in overcoming? Well for all of those instances and more, there is an excellent enhancer called PolicyPak that can supercharge your Group Policy Editor and give you new found powers and abilities to deliver not just settings, but a predictable and secure desktop experience for all of your users. Below are just some of the key enhancements that PolicyPak customers enjoy.

Group Policy Editor Enhancement #1: Reducing GPOs

If you have a large AD structure and utilize Group Policy, then you probably have many GPOs. Well the more GPOs you have, the more moving parts, which makes management and troubleshooting more challenging. Wouldn’t you like to consolidate all of your them into a few easy and intuitive GPOs instead?

Merge Group Policy Settings

 

The PolicyPak Group Policy Merge tool is a powerful tool analyzes all of your present-day GPOs. It also gives you the ability to import any or all into a single GPO. For instance, maybe you have a dozen different laptop policies for different conditions that target your laptops. Then you probably have at least a dozen targeting your stationary desktops as well. Why not create two GPO collections, one called Laptop Stuff and one appropriately named Desktop Stuff. To top it off you can use Item Level Targeting to ensure that laptop stuff goes to laptops, etc. Of course, you can do the same thing with user-side settings as well. The result is a streamlined GPO structure that is far easier to manage.

Group Policy Editor Enhancement #2: Multi-Browser management

Group Policy Editor can natively manage multiple browsers, as long as those browsers are IE or Edge. Neither of these options is popular amongst users. Moreover, while there are ADMX files available for Chrome and Firefox, they provide only a scattering of settings that can be managed. Then, of course, there is the endless ritual of browsers constantly prompting users for default browser status that GP Editor is of no help. You also don’t have the means to assign specific browsers to specific websites to ensure that your cloud applications work optimally.

There is a far more customizable solution to these multiple browser problems, and that’s PolicyPak Browser Router. Imagine being able to deliver nearly any configuration setting you want to secure and lock down Firefox or Chrome. PolicyPak Browser Router gives you the power the to win the default browser battle once and for all by declaring which browser will hold that title. Doing so is as simple as creating a policy as you’ve always done in Group Policy Editor. In this example, we are making Chrome our default designated browser.

First, we make a policy.

Manage Multiple Browsers
 
Next, we select the browser.
 
Select browser
No more prompts for your users – ever again. Browser Router also lets you assign a selected browser to each of your critical websites. Should a user attempt to open one of these sites with a non-assigned browser, that browser merely is closed, and the URL is opened with the correct one.

Group Policy Editor Enhancement #3: Managing Applications

Chrome Application Manager
Your applications are the workhorses that your users interact with every day. As an IT admin, part of your job is ensuring that the application experience is predictable each time for all users. That’s precisely what PolicyPak Application Settings Manager delivers – predictability. While Group Policy Editor can help you manage and deliver settings for Windows and Microsoft applications, PolicyPak can manage settings for applications such as Firefox, Adobe Reader, Java, and over 300 other popular applications. No need to download third party ADMX files as all application settings are provided in what we call “Paks” that is continually updated as these applications evolve. What’s more, PolicyPak Application Settings Manager works with real and virtualized applications alike.

Group Policy Editor Enhancement #4: Managing Start Menu and Taskbar

Start Screen Manager for Windows 10

There are so many great things about Windows 10, but managing its Start Screen and Taskbar isn’t one of them. It’s a challenge. Yes, Group Policy Editor does offer some management capabilities to limit the frustration over these desktop areas, but PolicyPak Start Screen and Taskbar Manager give you full control over them, eliminating that burden. With PolicyPak, you can place Desktop, Windows Universal and Edge tiles into your desired Start Screen groups and then lock them down so users can’t work around them. You can even use Item Level Targeting to determine who should get what” settings based upon conditions like security group, device type, etc.

Group Policy Editor Enhancement #5: Removing Loopback

We all want to have our cake and eat it too. That’s why GPO admins have resorted to the dreaded Loopback feature of Group Policy Processing to interject user-side policies on the computer side for so long. Why do that? Well because there are lots of user side only settings that you sometimes want to apply to kiosk machines and other computer devices regardless of who is accessing them. Unfortunately, Loopback incorporates a great deal of complexity into your GPO environment. In the same way that PolicyPak helps simplify things with its Merge Tool, it does the same for those times when you want to apply Group Policy Preference items that would only usually apply on the user side to any computer you want. Just one more way that PolicyPak both enhances and simplifies.

Group Policy Editor Enhancement #6: Extending Group Policy to MDM

With PolicyPak MDM Edition, you can deliver real Group Policy settings to your Windows MDM devices. PolicyPak lets you manage both domain-joined and non-domain joined machines in the same manner. With PolicyPak, you don’t have to choose one or the other. If you have an enterprise Windows device, then you can use PolicyPak to deploy and enforce settings.

If you enrolled all of your Windows devices with an MDM solution but have remorse over losing Group Policy control over them, then fret no more. Whether your solution provider is Intune, Workspace One or MobileIron, PolicyPak MDM Edition integrates with it. That means that you can export real Group Policy settings and easily import them into your MDM. Then apply them like you would any settings profile. Now your MDM can have super admin powers as well.

Group Policy Editor Enhancement #7: Managing non-domain joined machines

Of course even for machines that aren’t MDM enrolled, mobile and remote devices are a challenge at best for Group Policy Editor. That’s why we created PolicyPak Cloud edition so that on-prem, off-prem and non-domain joined devices are updated continuously in a similar fashion so that every desktop, regardless of location, has the most current settings.

Final Thoughts and Getting Started with PolicyPak

The Group Policy Editor is a powerful and mature Group Policy management tool that covers basic configuration and deployment scenarios. While still extremely relevant, the highly complex enterprises of today have outgrown its abilities in some respects. However, that doesn’t mean it needs to be replaced. It just needs to be enhanced. That’s what PolicyPak does. We make Group Policy better, regardless of your environment. You can check out all of our enhancing components that can bring Group Policy back up to speed, giving you powerful, yet simplified management over all of your Windows devices.

To try PolicyPak for free, click here.

Jeremy Moskowitz

Founder & CTO, Microsoft MVP in Group Policy, Enterprise Mobility, and MDM

Jeremy Moskowitz founded PolicyPak Software after working with hundreds of customers with the same problem they couldn’t manage their applications, browsers and operating systems using the technology they already utilized.

Ready to Get Started? Register for Our Demo.

Our PolicyPak Demos explain everything you need to know to get started with the software. Once you've attended the demo, you'll be provided a download link and license key to start a free trial.