Active Directory, DISM, Group Policy Objects, Group Policy Preferences, Uncategorized, Windows 10

Setting Acrobat Reader DC as the default PDF viewer on Windows 10 with a GPO

  1. Create a AdobeReaderAssociations.xml file that’s in the Adobe Enterprise Administration Guide or create your own using DISM
  2. Copy that file on a shared location. Using group policy preferences copy the XML file to the local device
  3. Apply the XML file by opening up the group policy and navigate to Computer Configuration\Administrative Templates\Windows Components\File Explorer\Set a default associations configuration file
  4. Select Enabled and specify the path for the XML file and click Apply
  5. The corresponding registry entry is HKLM\Software\Policies\Microsoft\Windows\System\DefaultAssociationsConfiguration
Thanks to the GuruPackager
Administration, Group Policy Objects, Group Policy Preferences, Uncategorized

Finding that GPO Setting

Even needed to find one group policy setting but couldn’t remember where it was? Have a look at the Group Policy Administrative Templates Catalog. Search everything from Microsoft, Citrix, Adobe and Chrome.

GPMC, Group Policy Objects, Group Policy Preferences, Registry, Windows 10

How to: Enable Windows 10 Biometrics (Facial and Fingerprint) Logon

Enable all of these policies and set the registry key to enable the Windows 10 facial and fingerprint logon feature.

Group Policy settings:

Computer Configuration\Administrative Templates\System\Logon

  • Turn on convenience PIN sign-in (Enabled)

Computer Configuration\Administrative Templates\Biometrics

  • Allow the use of biometrics (Enabled)
  • Allow users to log on using biometrics (Enabled)
  • Allow domain users to log on using biometrics (Enabled)

Computer Configuration\Administrative Templates\Biometrics\Facial Features

  • Use enhanced anti-spoofing when available (Disabled)

Computer Configuration\Administrative Templates\Windows Hello for Business

  • Use a hardware security device (Enable)
  • Use biometrics (Enabled)

Group Policy Preference settings:



Administration, Group Policy Preferences, Registry

Modify Performance Options and Visual Effects via Registry

Had a situation where I needed to modify the Visual Effects, under Performance Options, for a customer.

Create a Registry Item in Group Policy Preference under the User Configuration.


You have a number of options for the data value:

VisualFXSetting=dword:00000000 = Let Windows choose what’s best

VisualFXSetting=dword:00000001 = Adjust for best apperance

VisualFXSetting=dword:00000002 = Adjust for best performance

VisualFXSetting=dword:00000003 = Custom

Add the Apply once option and the end user can modify as required.

Administration, Group Policy Objects, Group Policy Preferences, Internet Explorer, Microsoft

Missing Internet Explorer Maintenance settings for Internet Explorer 11

Internet Explorer Maintenance settings have been deprecated in favour of Group Policy Preferences, Administrative Templates and the IE Administration Kit 11.

Because of this change, Internet Explorer Maintenance configured settings will no longer work on computers running Internet Explorer 10 or newer.

Have a look at these Microsoft article for more details:


Active Directory, Group Policy Objects, Group Policy Preferences, Windows 10

Windows 10 Group Policy Settings

Microsoft has released the latest Windows 10 Group Policy settings. As usual there is a handy spreadsheet with all the settings, plus new filtering capabilities that make find the new polices easier.

Download the spreadsheet:

Get all the templates from any Windows 10 machine. They are located in the C:\Windows\PolicyDefinitions folder. Then copy them into your domain central store (C:\Windows\SYSVOL\sysvol\{domain}\Policies\PolicyDefinitions).

Active Directory, Administration, Group Policy Objects, Group Policy Preferences

Enabling Group Policy Logging and Tracing

Need to debug what is happening with your group policy preferences? Then enable the logging and tracing setting under:

Computer Configuration\Policies\Administrative Templates\System\Group Policy

Enable one or more of the preference client-side extensions.

Reboot the machine and logon.

The logs will be written to:

  • User trace %COMMONAPPDATA%\GroupPolicy\Preference\Trace\User.log
  • Computer trace %COMMONAPPDATA%\GroupPolicy\Preference\Trace\Computer.log
  • Planning trace %COMMONAPPDATA%\GroupPolicy\Preference\Trace\Planning.log


Administration, GPMC, Group Policy Objects, Group Policy Preferences

Group Policy Refresh Interval

Administrative Templates\System\Group Policy

By default, computer and user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes. In addition to background updates,

Group Policy for the computer is always updated when the system starts.

Group Policy for users is always updated when they log on.

You can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates might interfere with users’ work and increase network traffic, very short update intervals are not appropriate for most installations.

If the Disable background refresh of Group Policy policy is enabled, this policy is ignored.