Windows Update for Business Group Policy Setting

COG1.pngMicrosoft has now release the new ADMX pack for Windows 10 1511 (Threshold 2). What is notable about this release is that is has the Group Policy setting “Defer Upgrade and Updates” which is the policy that enabled the Windows Update for Business feature.








This policy setting can be found under the “Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update”. To enable the new policy setting install download the Windows10_Version_1511_ADMX.msi from  and then copy the PolicyDefnitions folder over top of your Group Policy central store.

To use the setting simply configured the “Defer upgrade for the following duration” to the number of months you wish to defer the upgrade to the latest OS build. The “Defer updated for the following duration” is another option to delay the installation of security patches. Unlike the “Defer Upgrades” option “Defer updated” can only be deferred weeks based on their critical nature.

Also note, these policy setting are only applicable to computers that are configured to use Windows Updated as a source for patches. Updates that are delivered in corporates using WSUS are still controlled via the more traditional approve/deny within the tools itself.

Then to target the different levels of policy setting using my How to apply a Group Policy Object to individual users or computer or setup multiple test groups as per my other post  Group Policy for WSUS

Azure Active Directory Group Policy

AADLogoToday Microsoft announced Azure AD Domain Services Preview that allows Azure IaaS system to be joined to a cloud (Azure) based Active Directory. This feature also enables you to sync your on premise AD with the cloud so that users can logon to both on premise and in cloud with the same set of synchronised credentials. Conceptual, think of this as a separate AD that is in the cloud that is synchronised with your on premise AD. The users and objects in the cloud are essentially “clones” of the on premise objects so they behave similar to an account that has SidHistory of another account from a previous old domain. But as this is essentially a separate full AD this also means you now have the ability to deploy Group Policy settings to your servers and users in Azure IaaS.

This is certainly a great step forward for Azure AD however for now you need to be aware there are some caveats to this Group Policy functionality:

  • Managed domains provided by Azure AD Domain Services support only a flat OU (Organizational Unit) structure. All domain-joined machines reside in a single flat OU and hierarchical OU structures are not supported.

  • Azure AD Domain Services supports simple Group Policy in the form of a built-in GPO each for the users and computers containers. You cannot target GP by OU/department, perform WMI filtering or create custom GPOs.

While it is certainly not a fully functional version of Group Policy for Azure IaaS, it’s a start and you can now at least deploy a default set of policies to your servers and users in the cloud. Also bear in mind that this is a preview version of the service and Microsoft are always adding more functionality so its possible that this cloud change in the future.


Remote Server Admin Tools for Windows 10

img0_768x1366Microsoft has just released the Windows 10 version of the Remote Server Admin Tools. This is an addon to Windows 10 that gives you all the remote management MMC tools that are required to manager you Windows servers remotely.

It should be noted that it is always good practice to run the latest version of any Remote Management Tools, however as there were no actual under the hood policy changes then you can probably use the Windows 8/8.1 version of these tools without any problems. If all you are after is the new Windows 10 Group Policy Administrative Template settings then all you will need is to download the ADMX/ADML files and install them in your Active Directory Central Store.

Download RSAT:

Download ADMX/ADML:

Windows 10 Administrative Templates

img0_768x1366Microsoft has now release the Windows 10 Administrative templates. These are similar to the files in the Policy Definitions folder under the Windows directory. However Microsoft also releases the templates as a separate download so you can install the new policy setting without having to first install Windows 10.

These administrative templates also contain 10 additional ADMX files that are not shipped in the box with Windows 10.

  • Fileserverssagent.admx
  • grouppolicypreferences.admx
  • gamedvr.admx
  • terminalserver-server.admx
  • userdatabackup.admx
  • deliveryoptimization.admx
  • grouppolicy-server.admx
  • mmcsnapins1.admx
  • textinput.admx
  • windowsserver.admx

After you have downloaded and installed the file you will then need to copy the files from the “C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions” to the Policy Definitions Central Store.

Also note that this only adds Administrative Templates settings and you will still not get any change Group Policy Preferences by installing these files. For example you still need to have Windows 8.1 installed if you want to modify the IE 10/11 Group Policy Preferences.

Download Link

Windows 10 Group Policy Settings Spreadsheet

img0_768x1366Microsoft has now release to the world Windows 10, and if you are running one of the 14 million devices  that now have Windows 10 installed you might be wondering what new features there are for businesses. So, to help answer that question Microsoft has released the latest Windows 10 Group Policy settings spreadsheet that list all the Group Policy settings. To view just the Windows 10 setting int the spreadsheet simply filter on the “Supported On” column and you can list all the new policy settings. Also note, that there are also a number of new “Microsoft Edge 1.0” settings that you can filter on.

These spreadsheets list the policy settings for computer and user configurations that are included in the Administrative template files delivered with the Windows operating systems specified. You can configure these policy settings when you edit Group Policy Objects.

To take advantage of these new Group Policy settings, all you need to do is copy the files from the local folder C:\Windows\PolicyDefinitions from any Windows 10 copy and put them in your domain “PolicyDefitions” Central Store.

Download it now from