Group Policy Settings and Deprecation

Jun
10
2014

In case you’re not familiar with the SAT vocab word deprecate (DEP-ri-kate), in computer terms it means to “spin down” or “take out of service.” So anytime a feature or something isn’t available anymore (or IS still available but shouldn’t be used), that feature is said to have been DEPRECATED.

I got this question from a friend, and thought it was interesting. Here’s the email question and my answer.

Q: Jeremy, have any Group Policy settings been deprecated, and if so, what was the story there?

A: Here’s the inside scoop of Group Policy settings, and the history of deprecation (as far as I know.)

There is no “insider baseball here” and everything here is drawn from public sources. Note: I could have my facts totally wrong here, this isn’t validated in any meaningful way. So, use at your own risk (though there is like.. zero risk here.)

Here’s the “birth” story of any given Group Policy setting:

  1. The Group Policy team itself doesn’t own *MOST* of the settings you find in Group Policy land. I think they do own the ones which pertain to Group Policy client itself, and login scripts and such. Basically if the setting configures “the engine” .. the Group Policy team owns it.
  2. The Group Policy team also own the entirety of Group Policy Preferences, whose editors are hardcoded into DLLs which ship with the GPMC.
  3. Other teams, example, the Shell team own their own ADMX settings. They submit settings to the Group Policy team for inclusion in the windows ship vehicle.
  4. Those settings are cleaned up as needed by the Group Policy team for inclusion into Windows.
  5. Teams are welcome to ship their own ADMX settings outside of Windows, say, APP-V and UE-V which have their own downloadable ADMX settings templates.

As for deprecation of settings .. here’s the “death” story:

  1. The Group Policy team has done a very good job of NOT deprecating *ANY* settings, except for two, which were related to how the Windows 2000 Group Policy engine could operate.
  2. So, said another way, to my knowledge only TWO SPECIFIC ADM/ADMX settings were removed in the history of Windows. (Again: I could be wrong.)
  3. All other settings owned by product teams have survived. Many have undergone NAME CHANGES and/or restrictions.
    1. For instance “Remove Games link from Start menu” might have started off life as “Windows Vista and later” (I think), but has since changed to “Windows Server 2008, Windows 7 and Windows Vista.” (http://screencast.com/t/wYcqfrsKZ) .
    2. And, for instance, “Prevent Access to the Control Panel” has been renamed to “Prevent Access to the Control Panel and PC Settings” (to reflect newness in Windows 8+.)
  4. The “deprecation heard round the world” was Internet Explorer Maintenance settings. Those are actually NEITHER Policy nor Preference. And the way they were killed was strange:
    1. You lost your ability to *PROCESS* IEM settings when the client had IE10 or later.
    2. You lost your ability to *EDIT* IEM settings when your management station got IE10 or later.

So this document came out to help: http://technet.microsoft.com/en-us/library/jj890998.aspx

But that’s it.

In more recent memory, at TechEd 2014 I made a formal announcement of Microsoft’s Group Policy team announcing that they are deprecating Password fields in Group Policy Preferences. That speech is here: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/WIN-B328#fbid=

And you can learn more about the issue and the remediation here: http://support.microsoft.com/kb/2962486