Remote Server Admin Tools for Windows 10

img0_768x1366Microsoft has just released the Windows 10 version of the Remote Server Admin Tools. This is an addon to Windows 10 that gives you all the remote management MMC tools that are required to manager you Windows servers remotely.

It should be noted that it is always good practice to run the latest version of any Remote Management Tools, however as there were no actual under the hood policy changes then you can probably use the Windows 8/8.1 version of these tools without any problems. If all you are after is the new Windows 10 Group Policy Administrative Template settings then all you will need is to download the ADMX/ADML files and install them in your Active Directory Central Store.

Download RSAT: http://www.microsoft.com/en-us/download/details.aspx?id=45520

Download ADMX/ADML: http://www.microsoft.com/en-us/download/details.aspx?id=48257

Windows 10 Administrative Templates

img0_768x1366Microsoft has now release the Windows 10 Administrative templates. These are similar to the files in the Policy Definitions folder under the Windows directory. However Microsoft also releases the templates as a separate download so you can install the new policy setting without having to first install Windows 10.

These administrative templates also contain 10 additional ADMX files that are not shipped in the box with Windows 10.

  • Fileserverssagent.admx
  • grouppolicypreferences.admx
  • gamedvr.admx
  • terminalserver-server.admx
  • userdatabackup.admx
  • deliveryoptimization.admx
  • grouppolicy-server.admx
  • mmcsnapins1.admx
  • textinput.admx
  • windowsserver.admx

After you have downloaded and installed the file you will then need to copy the files from the “C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions” to the Policy Definitions Central Store.

Also note that this only adds Administrative Templates settings and you will still not get any change Group Policy Preferences by installing these files. For example you still need to have Windows 8.1 installed if you want to modify the IE 10/11 Group Policy Preferences.

Download Link http://www.microsoft.com/en-us/download/details.aspx?id=48257

Windows 10 Group Policy Settings Spreadsheet

img0_768x1366Microsoft has now release to the world Windows 10, and if you are running one of the 14 million devices  that now have Windows 10 installed you might be wondering what new features there are for businesses. So, to help answer that question Microsoft has released the latest Windows 10 Group Policy settings spreadsheet that list all the Group Policy settings. To view just the Windows 10 setting int the spreadsheet simply filter on the “Supported On” column and you can list all the new policy settings. Also note, that there are also a number of new “Microsoft Edge 1.0” settings that you can filter on.

These spreadsheets list the policy settings for computer and user configurations that are included in the Administrative template files delivered with the Windows operating systems specified. You can configure these policy settings when you edit Group Policy Objects.

To take advantage of these new Group Policy settings, all you need to do is copy the files from the local folder C:\Windows\PolicyDefinitions from any Windows 10 copy and put them in your domain “PolicyDefitions” Central Store.

Download it now from http://www.microsoft.com/en-us/download/details.aspx?id=25250

Edge Group Policy Settings

EdgeLogoWith the release of Windows 10, Microsoft has now also released their new web browser call Edge. This browser will be installed side Internet Explore by default on most installs of Windows 10. This is essentially a new browser that has been mostly re-built from the ground up for improved security, performance and HTML compatibility. But unlike its distant cousin browser ( IE ) that had over 1600 native Group policy settings. The new Edge browser currently only has 10 (ten) unique Group Policy settings.

These Edge Group Policy Settings can be found under (User or Computer)\Administrative Template\Windows Components\Microsoft Edge\ are:

  • Allows you to run scripts, like Javascript
  • Allows you to let people use autofill on websites
  • Allows you to let people send Do Not Track headers
  • Allows you to configured password manager
  • Allows you to run pop-ups
  • Stops address bar from showing search suggestions
  • Allows you to configure SmartScreen
  • Configure how Microsoft Edge treats cookies
  • Allows you to configured the Enterprise Site list
  • Sends all intranet traffic over to Internet Explorer

While most of the settings sem straight forward I would call out the last policy settings called “Sends all intranet traffic over to Internet Explore”. This policy setting is very similar to the “Chrome Legacy Browser Support” which redirect users web traffic to Internet Explorer if the web site needs is located on the Intranet. This will allow your users to use Edge for any external web sites but then drop back to the more Intranet friendly Internet Explorer when they visit any internal web sites.

Now I can already hear you say that only ten group policy settings does not seem like many. However, the key things to remember is that this is a new browser and Microsoft has said at the recent Ignite conference that more group settings will be coming. This also combine with the fact that the new Edge browser has far fewer settings and that it treats all web sites as “Internet” zones there is simply far fewer settings that need to be configured.

Another thing to also remember is that InTune will also soon be updated to configured similar policy settings for the Edge browser. This essentially allows you to also manage the Edge Browser on all your non-domain joined computers as well.

Either way new Edge browser can be managed via Group Policy or InTune, so if you are thinking about deploying Windows 10 in your organisaion you certainly have options to manage Microsoft’s newest browser.

How to apply WMI Filter to Windows 10 or Windows Server 2016

Windows 10 Technical Preview Start MenuAs you are probably already aware, Microsoft is soon going to be releasing the next version of Windows called… drum roll… Windows 10. Some of you might have already download the production by downloading the technical preview of Windows 10 as part of the Insider Preview. However, what you might not know is that the version number of Windows 10 is also taking a big leap forward from 6.3 to 10.0 (as you can see below).

Windows 8.1 Version Number

Win81Version

Windows 10 Version Number (Technical Preview 2)

Win10Version

 

Whenever Windows changes version number there is always applications compatibility issues. These have largely been mitigated for Windows 10 applications HOWEVER… WMI filter queries are affected by this change.

The example below might be familiar as it is a common way to apply a GPO to all Versions of WIndows after 7. It would also automatically work for Windows 8 and Windows 8.1 but it will fail for Windows 10.

select * from Win32_OperatingSystem where Version >= “6.1”

The problem stems from the comparison that WMI does as it treats the version as a string and not a number. This means that Version “10” is actually lower than “6.0” as 1 is lower that 6.

As you can see below in my example the same WMI filter as above is evaluating as False on my Windows 10 computer (called Win10).

Win10WMI

 

So… To have a WMI filter that matches Windows 7 or later (including Windows 10) then you need to use the following WMI filter:

select * from Win32_OperatingSystem where Version like “10.%” or Version >=”6.1″

This will evaluate true for Windows 10 AND any version of Windows greater that Windows 7 (6.1) as the report below shows.

Win10WMI2

 

In this example I have added used the like operator with the % wildcard so it will match any preview build of Windows 10. This will not work if Microsoft release a version of the OS with 11 version number, but as Microsoft have now said that Windows is going to be a service its a safe bet that this will work for a long while to come.

Of course the final version of Windows 10 has not been released yet so this might still change. However if you are testing Windows 10 in your environment now and you are wondering why the WMI filters GPO’s are applying this is your you can get going today.

Note: The same is also true for Windows Server 2016 as it has the same OS version number.

Thanks to Michale Niehaus for his help with this article.