Longhorn Server Revealed: Group Policy Enhancements

Computerworld - Editor's note: Due to some inaccuracies about how VPNs work with Group Policy, and in response to a reader's comments, the section on network-location awareness was changed on Tuesday, Jan. 16, 2007 at around 3:45 PM. The story as it stands below has been corrected.


Longhorn Server, due to be released later this year, is a major revision of Microsofts flagship server operating system. In this article, Ill look at the most significant enhancements to Group Policy (GP) in Longhorn Server.

Network location awareness

Network location awareness, or NLA, is perhaps the broadest improvement within Longhorn Server and Windows Vista. It refers to the ability of the operating system to define and detect the current network environment and take action based on where the operating system thinks the computer is currently located and what type of connection is in use.

NLA allows Windows to determine whether the network is ready for use, whether the domain controller is currently available, the amount of bandwidth and the speed of the network connection, and which security settings are enabled. NLA can then use that information to make intelligent determinations about what processes should be started, stopped, or suspended.

For example, when you take a Windows XP machine that is a member of a domain with domain-based group policy objects in force and then disconnect it from the network, it will cycle through its boot process and sometimes hang for an inordinate amount of time while it waits to find a network connection that works. Windows XP is actually using ICMP, or pings, to look for a domain controller. If it cant use ICMP -- perhaps it is blocked, or otherwise unavailable on a disconnected machine -- and a result cant find a domain controller, all Group Policy processing stops.

In contrast, NLA lets Group Policy sniff out these scenarios directly, and Group Policy can then decide to wait to refresh itself or apply policy once the network is back up without waiting for the normal refresh cycle.

Further, NLA allows Windows to appear kinder to mobile users. Typically, with previous versions of Windows, if a mobile user logged onto the corporate network through a VPN, he would have to wait for the standard refresh cycle to get policy applied. This is no longer a requirement: GP can be applied in the background over the VPN immediately once a domain controller is detected.

New format for administrative templates

Administrative templates, which used to be text files with an .ADM extension, now in Longhorn Server are formatted in XML, get the extension .ADMX