Group Policy
7 Topics

WHFB-Cloud Kerberos Trust Compatible for Server 2012 R2
Hi, we have a Hybrid AAD join environment and currently have DC: 2012 R2 along with ADC 2019. Currently we have the Cloud Kerberos model and need to configure WHFB via GPO. Is 2012 R2 compatible with that, or do we need to upgrade it to Server 2016? Any suggestions or experience? I have already gone through the Microsoft reference link below, which mentions that Server 2016 is the minimum requirement. However, 2012 R2 is the production one, so we don't want to upgrade it. Is Windows Hello for Business workable in that scenario? https://learn.microsoft.com/en-gb/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust?tabs=intune
608 Views 0 likes 0 Comments

Group Policy Preference Processing Order and Priority
When using group policy preferences, we understand how to set the processing order within a single area, for example within the 'Drive Mappings' section of GPP. However, we have some questions around the following: When a single GPO defines GPP settings in more than one area (for example drive mapping and internet options), how is processing for the areas ordered? It seems like it orders them in terms of the GUIDs for the CSEs listed here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtensions. When multiple GPOs define GPP settings in the same area (Internet Settings for example), how is processing ordered across GPOs? Does it follow the same ordering as standard GPO?
1.1K Views 0 likes 0 Comments

Help with GPO/Update settings - Auto Download, Auto Install, Defer Reboot for specific day/time
Hi MS Tech Community family. I have been asked to set up a very specific update schedule using GPO whilst we seek other patching options. As far as I can tell this isn't possible using GPO, however I hope someone can prove me wrong. I have been asked to set up the following. All updates, including optional, to automatically download. All updates to automatically install. Notify users that updates have been installed and are awaiting a reboot. Remove the normal shutdown/restart options in the Start menu and replace them with Update & Shutdown/Restart when updates have been installed. Do not automatically reboot the user's machine until a specific day of the month/time (3rd Tuesday at 12 noon).
Solved 2.5K Views 1 like 4 Comments

Preinstall new Edge browser group policies in Windows 10 and remove the Edge legacy group policies
The new Edge browser is now preinstalled by default on Windows 10, but the group policies for managing it are absent. It just makes sense to have them preinstalled by default in Windows 10 for easier management. Keep the policies up to date via Windows Update or Microsoft Update. Please upvote this feedback in Feedback Hub: https://aka.ms/AAaqkty
695 Views 0 likes 0 Comments

Turn On - System Protection via Group Policy
Hey everyone, is there a way to turn on System Protection AND set it to run once a day via a group policy? I've searched and I've come up empty about this, so I wanted to reach out to the community and see if it's possible. I know that I can turn on System Protection using PowerShell, using Enable-ComputerRestore, and I know I can use Checkpoint-Computer to create a checkpoint; however, I'm trying to do this for 500+ devices and I wanted to stay away from using a script and deploy it using SCCM. Thanks!
3.3K Views 0 likes 2 Comments

Windows 10 1903 Group Policy Issues after OSD
Hi, we've recently started deploying Windows 10 1903 (first Win 10 version too...) with SCCM 1902 with MDT, and group policy appears to apply according to the logs, but then we find certain settings not actually applied, even though a gpresult shows them as being applied. Checking the various reg keys etc. for our policy settings on a client, I have seen that all of our GPO settings get applied and then some, but not all, get mysteriously removed. For example, the Interactive Logon message gets applied but then removed, as in the registry value is removed. Running a gpupdate /force after this has happened appears to fix the issue. However, using the SMSTSPostAction variable to run a script or command to update Group Policy doesn't work either; the script/command runs (as per log files) but the above does still occur until we run a gpupdate /force (an ordinary gpupdate does nothing, so most of the time reboots etc. do nothing). We have no Group Policy related Group Policy settings (as in the ones that control whether CSEs process during slow links etc. and whether they process even though there are no changes) and we cannot find any other reason for this not to work correctly. I think until we find a fix, using the RunOnce reg key/value may be the workaround... Would someone at Microsoft be able to confirm whether this is a confirmed issue at Microsoft and whether there is a fix for it please? Or if there is a fix incoming, as potentially some of our security related GPOs are not being correctly applied. Many thanks, Luke
8.7K Views 0 likes 15 Comments