New Group Policy Settings in Windows 10 (RTM Release)

I blogged last October about the new Group Policy settings in the first preview version of Windows 10. There was not too much to write about and I thought now that the RTM bits are here it might be fair to take a look at it again. Things are looking much better now, but I must say that I was hoping to find a bit more on the GPO side of the mighty Windows 10. For example, there’s only a handful of settings related to configuring or hardening Microsoft Edge. I have to believe that there’s more to come in the future.

Anyways, you can get the all new ADMX templates here https://www.microsoft.com/en-us/download/details.aspx?id=48257. Microsoft also released a spreadsheet of the settings, which you can get here: http://www.microsoft.com/en-us/download/details.aspx?id=25250. Go get them!

A word of advice using the spreadsheet. There is a column called “New in Windows 10“. Don’t trust it for filtering as it’s screwed up somehow. Use the “Supported On” instead.

One minor issue

If you’re using central store in your environment (PolicyDefinitions folder on SYSVOL) be prepared to do some cleaning on the existing ADMX/ADML files as I found at least one overlapping setting definition. Errors in the template files or multiple definitions will cause the GPO Editor to pop up an error message like the following. In this case saying that “Namespace ‘Microsoft.Policies.Sensors,WindowsLocationProvider’ is already defined as the target namespace for another file in the store” and pointing to a file called “microsoft-windows-geolocation-wlpadm.admx” and “line 5“, “column 10” within it.

Windows 10 GPO Overlapping

The WindowsLocationProvider namespace is defined in an existing ADMX template and within the new ones. The fix is easy as you can delete the old definition as it is defined in a separate ADMX file and not in a big, consolidated one. Find a file called LocationProvicerAdm.admx (that’s the old one) and delete it from the PolicyDefinitions folder. Do the same for all the ADML files with the same name. The error message actually displays the newer one so don’t delete those. Once cleared, the GPO Editor should open without errors. There could be other issues especially if you carry on a lot of legacy templates, but this was the only problem in my small lab environment.

Happy GPOing!

Leave a Reply

Your email address will not be published. Required fields are marked *

Please, do the math and help fight spam * Time limit is exhausted. Please reload the CAPTCHA.