How to Set Up Windows Server 2016 Group Policy Preferences

Group Policy Preferences (GPP) extend the traditional Group Policy settings model by providing a richer set of configuration items that can be applied, updated, or removed based on targeting conditions. Introduced in Windows Server 2008 and fully supported in Windows Server 2016, GPP covers drive mappings, printer connections, registry values, shortcuts, scheduled tasks, environment variables, and more. Unlike standard policy settings, GPP items use a default action of Update, meaning they can be changed by users locally, making them suitable for managed defaults rather than enforced restrictions.

Understanding GPP vs Standard Policy Settings

Standard policy settings appear in the Computer ConfigurationPolicies or User ConfigurationPolicies nodes. These are strictly enforced and reapplied on every refresh. GPP items appear under the Preferences sub-node of each section. Each GPP item supports four actions: Create, Replace, Update, and Delete. This action model provides lifecycle management that standard policies do not offer.

Mapping Network Drives with GPP

Network drive mappings delivered through GPP replace legacy logon scripts and are far easier to manage. Open the Group Policy Management Console (GPMC), create or edit a GPO linked to the appropriate OU, and navigate to:

User Configuration > Preferences > Windows Settings > Drive Maps

Right-click and select New > Mapped Drive. Set the action to Update, specify the drive letter and UNC path, and enable Reconnect. You can also configure the item label, which appears in File Explorer. To deploy drive mappings via PowerShell for documentation purposes, the following command shows how to inspect existing drive maps in a GPO:

Get-GPO -Name "User Drive Maps" | Get-GPOReport -ReportType XML |
    Select-String -Pattern "DriveMap" -Context 2,5

Deploying Printers with GPP

Navigate to User Configuration > Preferences > Control Panel Settings > Printers. Right-click and choose New > Shared Printer. Enter the UNC path of the print server share (e.g., \PrintServerAccountingPrinter) and choose whether to set it as the default. Printer preferences support item-level targeting, so you can limit deployment to specific IP subnets, security groups, or even operating system versions.

Configuring Registry Settings

GPP Registry items allow you to set or remove specific registry values without writing a script. Navigate to User Configuration > Preferences > Windows Settings > Registry. Right-click and choose New > Registry Item. Select the hive, key path, value name, type, and data. For example, to disable a specific application’s auto-update check for all users:

Hive: HKEY_CURRENT_USER
Key: SoftwareVendorAppName
Value name: DisableAutoUpdate
Type: REG_DWORD
Data: 1

Creating Shortcuts with GPP

Deploy desktop or Start Menu shortcuts without packaging them as software. Navigate to User Configuration > Preferences > Windows Settings > Shortcuts. Create a new shortcut, specify the target path, icon, working directory, and destination (e.g., All Users Desktop or a specific folder path using environment variables).

Deploying Scheduled Tasks

GPP can create scheduled tasks that run maintenance scripts without requiring local administrator rights during deployment. Navigate to Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks. This is particularly useful for running inventory scripts, disk cleanup tools, or compliance checks at defined intervals.

Item-Level Targeting

Item-level targeting (ILT) is the most powerful feature of GPP. It allows each preference item to apply only to objects that meet specified conditions, without needing separate OUs or GPOs. Common targeting conditions include:

Security Group — applies to members of a given AD group
IP Address Range — applies to machines on a specific subnet
Operating System — restricts to specific Windows versions
User / Computer Name — limits to named accounts
LDAP Query — custom LDAP expressions for advanced targeting

Targets can be combined with AND/OR logic and negated with NOT. To enable ILT on any GPP item, click the Common tab in the item’s properties, tick Item-level targeting, then click Targeting to define conditions.

Verifying GPP Application

On a test client, force a Group Policy refresh and check that the preference was applied:

gpupdate /force

Review the GPP extension event logs for processing details:

Get-WinEvent -LogName "Microsoft-Windows-GroupPolicy/Operational" |
    Where-Object {$_.Id -in @(4016,4017,5312,5313)} |
    Select-Object TimeCreated, Id, Message |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 30

Use gpresult to confirm which GPP items were applied to the current user and computer:

gpresult /r /scope user

Group Policy Preferences are an elegant replacement for logon scripts and manual registry edits. Their targeting flexibility and lifecycle actions make them suitable for managing nearly any user or computer configuration that does not require strict enforcement.