Microsoft has published a list of 25 group policies that administrators should not use in Windows 10 and Windows 11 as they do not provide optimal behavior or cause unexpected results.
Since November 2015 when Windows 10 was first introduced, there have been many changes and some of them have caused Windows Update policies to interfere with performance, while others have been replaced with different versions.
Microsoft has identified which older policies have become irrelevant or replaced with a better option. The policies in this article are all more or less tied to Windows updates. Notifications, the ability to dictate the behavior of update downloads, installation, and restarts, and the settings experience have all shifted dramatically from what was originally released in the early Windows 10 versions.
This posting from Microsoft helps bring clarity to many years of frustration experienced by IT admins and Windows enthusiasts that wanted or needed to control the Windows Update experience.
As Alex Smith, Technical Product Manager at Malwarebytes, puts it:
“I am happy to see Microsoft finally clear the air on Group Policies for Windows Update. IT admins and Windows enthusiasts like myself have been frustrated trying to control the Windows Update experience on managed devices for years. At times, we questioned our technical sanity since the results wouldn’t align with the group policies being used. Now, that will be a thing of the past.”
Administrators can work with Group Policy Objects (GPO) to customize a computer’s functions and the user experience. Designed to be used mostly by network administrators, group policies define what specific users or a group of users can do on machines in their network, restricting or allowing features as necessary.
Where can I find the policies?
To change the Group Policies’ settings you will typically use the Group Policy Editor. The Group Policy Editor is a utility that allows you to configure Group Policy settings for a Windows PC or a group of PCs. Note that this is only available for Windows Pro versions.
Probably the easiest way to open the Group Policy Editor is by using search in the Start menu. First, click the Start button, and when it pops up, type gpedit and hit Enter when you see an entry called Edit Group Policy in the list of results.
To make life easier for Windows 11 users, Microsoft created a sub-folder under Windows Update to specify Legacy Policies. Please note that these sub-folders are only available in the Windows 11 ADMX templates. ADMX files are XML‑based administrative template files, that are language‑neutral and support multilingual display of policy settings. Microsoft Windows manages ADMX files from the central store that is a central location in the domain.
While admins need to select an OS-specific set of ADMX files for the central store, Microsoft has provided a method that admins can use to manage the policies for the other operating systems in their environment.
You can find the complete list of deprecated policies and suggested replacements in Microsoft‘s article. This list shows which policies are not recommended, why they are not recommended, and how to get the same or similar behavior with either default settings or recommended policies. This list can really help Windows administrators to review their existing group policy configurations and replace outdated policies with newer variants that provide more control and expected behavior.
A quick overview was provided in a tweet by Aria Carley (@ariaupdated) who wrote the article.
Homework assignment: Confirm that NONE of these legacy Windows Update policies are set on your #Windows10 or #Windows11 devices. Folks who complete the assignment will get a better update experience and an A+ Gif! pic.twitter.com/N1J1af53BF
— ariaupdated (@ariaupdated) December 10, 2021
The post Windows Update has changed over the years. Here are 25 group policies to avoid appeared first on Malwarebytes Labs.
Read more: blog.malwarebytes.com