Layered group policies are now a thing on Windows

System Administrator

Time to apply! Microsoft has introduced the ability for IT admins to apply layered group policies on corporate devices, with the feature coming to both modern versions of the OS.

Windows 10 and 11.

The functionality is already live and enabled in Windows 10 as part of the July 2021 optional C client release, but it will receive wider availability in the August Patch Tuesday updates. Windows Server will get it later, while it will also make its way to Windows 11.

Redmond talked about this in its announcement blog post, with a brief summary of what layer Group Policy is, and how this new feature makes functions easier to implement.

Get a load of this:

“Device installation policies are used to restrict the installation of any device, both internal and external, to all machines across an organization while allowing a small set of pre-authorized devices to be used/installed. Every device has a set of ‘device identifiers’ that are understood by the system (class, device ID and instance ID). The allow list, which is written by the system admin, contains sets of identifiers that represent different devices – this way a system understands which device is allowed and which is blocked.”

So, essentially, IT administrators now have better control over what devices are and aren’t installed on the machines in their organizations.

They can add the new Group Policy feature to existing policies in order to enjoy hierarchical permission layering for increased device allowance and prevention flexibility. These new options also eliminate the need to understand different devices classes to stop USB classes from being installed.

You can grasp the full details of the utility of this new feature at the link above.