Microsoft reveals the most dangerous, pointless and misunderstood group policies for Windows 11
There are a huge number of ways to customize, optimize and tweak Windows, some of which involve using third party utilities, while others rely on tools that are built into the operating system -- like Group Policy Editor.
System administrators have used group policies to implement a wide range of settings for a long time now, but there are some that should be avoided. Microsoft has shared information about some of the legacy group policies that should not be used; some because they have no effect at all, some because they have unwanted or unexpected side effects. Take a look through the list and see if you need to make any changes to the policies you have put in place.
- DevToys is like an open-source Microsoft PowerToys for developers
- Windows 11 Settings can finally be used to manage your Microsoft account
- Microsoft releases emergency KB5010795 update for Windows 11, and nine more out-of-band updates, to fix Patch Tuesday problems
Writing on the Windows IT Pro blog in what she describes as "My BEST Blog EVERRR", Aria Carley reveals a total of 25 policies that Windows 11 admins should not use; she points out that the same advice also applies to Windows 10 version 20H2 and above.
The blog post is more than just a list of policies you shouldn't use, however. Carley also explain just why certain policies should be avoided and, where appropriate, suggests alternatives that should be used instead.
There is, for example, a group policy called Do not adjust default option to ‘Install Updates and Shut Down’ in Shut Down Windows dialog box. Why should you not enable this? Well, there is no point -- "This policy was never implemented on Windows 10 and will have no effect if set on Windows 10 or Windows 11."
Another policy, called No auto-restart with logged on users for scheduled automatic updates installation, has the description: "Do not automatically restart with the user logged on". But this is a little misleading, as Carley explains: "This policy was never created as a CSP. In Group Policy this policy does not work exactly as per description. Further, this policy can result in no quality update reboots period, given many users today never log off".
But admins are not left hanging; there is helpful advice:
The recommendation to replace this would be to leverage compliance deadline and then to configure no-auto reboot to prevent non-user aware reboots prior to the deadline being reached. Or for server devices, leverage Configure Automatic Updates options 7 -- notify to install and notify to reboot.
The full list of policies to be avoided can be found here.