Microsoft has released a list of 25 Group Policies that administrators should not use in Windows 10 and Windows 11 because they can result in suboptimal behavior or cause unexpected results.
Windows updates, and the policies that control them, have changed dramatically over the last few years. Notifications, the ability to specify update download, installation, and reboot behavior, and the configuration experience have all changed significantly since Windows 10 was released in version 1511. We’ve added features such as active time that allows devices to automatically reboot when the end user is not present, and we’ve changed notifications to include information such as estimated reboot times so that the end user can decide whether to reboot immediately or at a more convenient time.
Since the release of Windows 10 (version 1511) in November 2015, Microsoft has continued to evolve the operating system based on customer feedback, security improvements, new features, and overall optimizations.
However, this has left us with a mess of group policies that no longer work properly, cause unexpected behavior, or are superseded by new policies that provide better performance and user experience.
Windows Senior Program Manager Alia Curley had warned administrators in December that they should avoid using various Group Policies in Windows 10 and Windows 11.
Yesterday, Carly posted an article on the Windows IT Pro Blog that goes into more detail about the policies that should not be used, why administrators should not use them, and what they have been replaced with.
We’ve listened to your feedback and learned a lot about what experiences work and what experiences don’t work. We’ve also evolved and simplified the controls needed to support these improved experiences and identified which older policies are no longer relevant or have been replaced with better alternatives.
As a result, the Windows Update policy set includes policies that no longer have any impact, do not work as described on devices running Windows 10 version 20H2 or later, or work but not as well as policies that were added to provide a similar experience in a much better way
This list is invaluable for Windows administrators to review their existing Group Policy configurations and replace outdated policies with new ones that provide greater control and expected behavior.
He also explains that we’ve created a new Legacy Policies folder under Windows Update policies in the Group Policy Editor to make it easier to distinguish between deprecated policies that should not be used in Windows 11
Administrators can find a complete list of deprecated policies and recommended alternatives in the Microsoft article.
In addition to circumventing these policies, Microsoft warned that administrators need to decide if they want to use Windows 10 or Windows 11 ADMX files in the Active Directory Central Store.
So, what should I do if I have a mixed environment with both client OSes? In fact, only one set of ADMX files can be copied to the Active Directory Central Store.
Depending on your future plans, you need to decide which template is best for you.
If you will be using Windows 10 for a while, you should choose the Windows 10 ADMX file; if you are ready to upgrade to Windows 11 and this will be (or already is) your main OS version, you should choose the Windows 11 ADMX file. If you are ready to upgrade to Windows 11 and this will be (or already is) your main OS version, copy the Windows 11 ADMX file to the Central Store.
While administrators need to select an OS-specific set of ADMX files for the central store, it provides a method that administrators can use to manage policies for other OSes in their environment.
25 group policies that should not be set by administrators
*All reverse settings are recommended values
- Don’t show “Install and exit updates” option in “Exit Windows” dialog box
- Don’t adjust default option to “Install and exit updates” in “Exit Windows” dialog box
- Specify deadline for automatic restart of update installation
- Delay restart of scheduled installation
- Set notification for automatic restart of updates
- Set mandatory notification for automatic restart for updates Settings
- Turn off auto-restart notifications when installing updates
- Allow non-administrators to receive update notifications
- Specify engaged restart transition and update notification schedule
- Turn software notifications on
- Allow automatic updates immediately after installation
- Prompt reboot for periodic installation
- Reschedule periodic installation of automatic updates
- Schedule automatic restart warning notifications for updates
- Don’t automatically reboot logged on users during scheduled installation of automatic updates
- Select when to receive feature updates
- Defer upgrades and updates for up to 4 weeks (0-4 weeks).
- Defer upgrades and updates for up to 8 months (0-8 months).
- Select when to receive enhancement updates
- Enable recommended updates via automatic updates
- update/RequireUpdateApproval
- update/ PhoneUpdateRestrictions
- Defer update policy to prevent scans against Windows Update
- Update power policy for cart reboot
Comments