Analysis: Notable changes surface in Windows Server 2008 RC1

Yesterday, Microsoft announced that Release Candidate 1 (RC1) of Windows Server 2008 has been released to the public. This near-final test build of the server release incorporates a couple of new features and what is sure to be deemed an "enhancement" to the community. In this piece, I'll take a look at the new capabilities in Group Policy, and an update to Windows Genuine Advantage, that were introduced with RC1.

An introduction to Group Policy Preferences

Windows Server 2008 RC1 incorporates a feature called Group Policy Preferences, essentially the old PolicyMaker Standard Edition and Policy Share Manager in new form. Preferences is now part of the Group Policy Management Console.

In a nutshell, preferences allow you to "suggest" an initial configuration to your users while still giving them the ability to change them. Let's delve a little deeper into this.

You are probably familiar with Group Policy, the standard way to achieve a consistent configuration using out-of-the-box tools in a Windows domain environment. With Group Policy, an administrator can determine and set up his or her mandatory environment, configure it appropriately for the organization's needs, and then leave it up to Windows to strictly enforce those settings.

Group Policy generally overrides any user-provided settings in the event of a conflict, and it typically disables any user interface functions that could be used to change those settings. And while one can limit or otherwise affect the scope of a group policy object (GPO), Group Policy essentially can touch every machine that is a member of any given Windows domain. Machines and settings controlled by Group Policy are termed "managed" machines and settings.

In contrast, Group Policy Preferences (GPP) take a bit of a lighter approach. While GPPs still are set up by an administrator and filter down to managed clients, Group Policy writes preferences to the same places in the Registry where applications store their data about that specific setting. This lets GP address settings and switches in applications that don't by default know about Group Policy. So now applications you previously couldnt address in a managed way can be touched through GP, which is a welcome feature.

In addition, there isn't a restriction on the software's user interface, so if the administrator-defined preferences don't meet a user's working style or in some other way aren't what a user wishes, he or she is free to change GPP settings. You can also define the schedule at which Group Policy refreshes preference information. It can either be done at the same interval that GP refreshes policy -- the mandatory settings -- or you can set it once and then prohibit Windows from refreshing that preference again.

GPP is also "light-touch." You can create GPOs that contain preference information right out of the box. On the client, you'll need to install via a separate download a client-side extension (CSE); this will need to be deployed to any computer that is a target of your preference settings. The CSE will support Windows XP Service Pack 2 and later, Windows Vista and Windows Server 2003 with Service Pack 1 and later. If you install Windows Server 2008, you already get the CSE.

Windows Genuine Advantage changes

Also different in Windows Server 2008 RC1, and Windows Vista Service Pack 1 for that matter, is the behavior of Windows when its activation threshold is exceeded and the machine goes "out of tolerance," in Microsoft parlance. Previously, if Windows detected that you were not running with genuine software, it would go into what Microsoft called a "reduced functionality mode" that grayed out the desktop, removed access to most applications and allowed you to copy but not open personal files. The system would remain in this state until the "genuine" state of the product was restored.

Microsoft is now backing down from that stance and is doing away with the reduced functionality mode. Instead, if a system is deemed by Microsoft's utility to be not genuine, it will pester and nag the currently logged on user about that state, but Windows Server will not otherwise inhibit the user from accessing programs or files.

How is this a good thing for administrators? For one, there is less of a chance that production servers (or systems, for machines running Windows Vista Service Pack 1) will be knocked offline by a problem with WGA detection and notification. This situation has happened more than once over the past couple of years. Privacy and software rights advocates are also pleased with the decision not to cripple systems.

In short, Windows Server 2008 RC1 continues to tighten and polish areas of the operating system before its general release next year. The addition of the Group Policy Preferences feature is a welcome inclusion for administrators who want to further achieve consistency in configuration across their organization, and the removal of the "cripple" mode for machines deemed to be "non-genuine" can only be a positive move.

Jonathan Hassell is an author, consultant and speaker on a variety of IT topics. His published works include RADIUS, Hardening Windows, Using Windows Small Business Server 2003 and Learning Windows Server 2003. His work appears regularly in such periodicals as Windows IT Pro magazine, PC Pro and TechNet Magazine. He also speaks worldwide on topics ranging from networking and security to Windows administration. He is currently an editor for Apress, Inc., a publishing company specializing in books for programmers and IT professionals.

Copyright © 2007 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon