Windows 10 Layer Group Policy for IT Pros

Microsoft today introduced a new feature for IT professionals, poly policy (Layered Group Policy). The new feature allows you to configure which devices can be installed on machines in your organization and which are prohibited.

Windows 10

Windows 10 users already have the multilevel group policy with optional "C" updates July of 2021. They will be released for everyone with August's Patch Tuesday .

New located in the path Computer Configuration > Administrative Templates > System > Device Installation >Device Installation Restrictions.

screenshot 2021 08 05 15 09 20

Existing device restriction policies work with each device's identifiers, which it can recognize (such as class, device ID and instance ID).
The license list, written by the system administrator, contains sets of IDs representing different devices. In this way a system understands which device is allowed and which is blocked.

By adding the new Multilevel Policy Group to existing device installation policies, Microsoft makes this process much easier.

Intuitive use: With the new policy, you don't need to know the different classes of devices to prevent them from being installed classes only. The new policy allows you to focus on scripting actions of the USB classes and be sure that all other classes will be blocked unless the administrator allows it.
Flexibility: In the past, every prevention policy took precedence over any licensing policy, which created a set of definitions and a rigid set of devices to allow or prevent devices. This caused update strains every time a new set of devices entered the settings.

With the new policy, hierarchical layers are used in the following order:

  1. Instance ID: in the highest ranking
  2. Hardware IDs and compatible IDs (Device IDs)
    Class
  3. Removable device property: in the lowest ranking

The classification of the ID of each device works as a priority value.

If all USB classes are restricted by Group Policy, one or more USB devices in the whitelist may be ranked higher. However, the whitelist will only be able to be counted when a device from the whitelist is connected to the .

Read more

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
Layered Group Policy, windows 10, iguru.gr, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).