Group Policy Preferences Registry Extension vs Group Policy Registry Extension

2018-04-11

In various discussions I’ve read about the drawbacks of Group Policy Preferences, but is it really that bad?

 

…Or is it how you are using it?

 

There are two methods of applying registry keys/values with Group Policy.  The Group Policy Registry Extension is the “traditional” form of applying policies, also known as ADM or ADMX policies.  When GPOs are created with this method, a binary file, “.pol”, is created.  When policy application occurs, this file is read and applied to your registry.  As a binary file, it is small and fast to process.  Reading and applying the settings should be nearly instant.

The second method of applying registry keys is with Group Policy Preferences (GPP).  This was a “new” method introduced in Windows Server 2008 with the purchase of PolicyMaker by Microsoft.  Group Policy Preferences are much, much more flexible than the traditional form.  There are different ways of applying registry values, including the CRUD model (Create, Replace, Update, Delete), and filtering by way of “Item Level Targeting”, either on an individual value or on a collection.

I’ve seen an organization heavily leverage GPP to great success.  I started to wonder, though: what are the performance impacts of using GPP over the traditional method?  This post will explore the differences in the CRUD model and how it compares to the traditional method.

I intend to look at the following scenarios:

  1. Creating a registry value
  2. Updating a previous registry value
  3. Removing a registry value

However, GPP has a fourth method, “Replace”, and I’ll explore what it does in addition to these 3 methods.

Creating a Registry Value

In this scenario, the registry will be clean and a new value will be created.  I’m going to refer to the Group Policy Registry Extension (AKA Administrative Templates, ADM/ADMX) as the “traditional” method and use the abbreviation GPP for the Group Policy Preferences Registry Extension.

Traditional:

After reading the Registry.Pol from the sysvol, the application of the registry key takes just 3 operations: RegCreateKey, RegSetValue, and RegCloseKey.

Each one of these operations took around 1-1.1ms, with the caveat that Process Monitor (procmon) consumes some resources capturing this information, slowing it down slightly.

 

GPP:

We can see a new operation “RegQueryValue”.  As described by William Stanek, “The Create action creates a preference if it doesn’t already exist. For example, you can use the Create action to create and set the value of a user environment variable called CurrentOrg on computers where it does not yet exist. If the variable already exists, the value of the variable will not be changed.”

The RegQueryValue is executing the check to see if a variable already exists.  So what does GPP look like if the value is already present?

That is 3 operations, with the process exiting on success once the value is found to be present.

The end result is 3 operations for our traditional method, and 4 operations for the Group Policy Preferences method, for creating a registry entry.

Updating a registry value

In this scenario, the registry will contain a value, and the policy will be updated with a new value.  For the traditional method this will involve changing the Microsoft “User Profiles” policy.  I set the “HomeDir” location to “TrententTest”, applied the value, then updated it to “TrententTye”.  This will ensure a new, changed key is applied.  For GPP I’m going to change the value on the policy to 0x0 from 0x1 and use the “Update” operation.

Traditional:

Traditional maintains a very simple “3 operation” action with updating a value having the same effect as if the value was never present to begin with.

GPP:

With the “Update” action, GPP now executes just 3 operations, same as the traditional.

The end result is 3 operations for our traditional method, and 3 operations for the Group Policy Preferences method, for updating a registry entry.

Removing a registry value

In this scenario, I am going to remove a registry value.  Using the traditional method this means modifying my group policy to “Not Configured”, and for GPP this means setting “Delete” for our operation.

Traditional:

Again, Traditional performs its work in just 3 operations.

 

GPP:

GPP also performs this work in just 3 operations.

 

GPP – The Replace Method

Group Policy Preferences has another operation to explore: “Replace”.

This operation “…creates preferences that don’t yet exist, or deletes and then creates preferences that already exist.”

This sounds like it performs a few operations.  Let’s see what it looks like:

Replace executes 6 operations: RegOpenKey, RegDeleteValue, RegCloseKey, RegCreateKey, RegSetValue, RegCloseKey.  I’m not entirely sure why you’d want a DeleteValue before SetValue, but that’s what this selection does.

 

Revisiting GPP: “Creating a Registry Value”

During the process of creating this post, I wondered if the 3 operation “Update” would work better for creating a key.  The GPP “Create” selection has 4 operations, but the “Update” selection only has 3 operations.  I deleted my “TrententTestPreferences” key and refreshed group policy:

 

3 operations!  So Group Policy Preferences has the potential to operate at the same speed as the traditional group policy IF YOU STICK TO USING “UPDATE”.  At the very least, these operations should take the same amount of time.  Of course, implementation might be a different story.
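
An added example (not from the original post or its tooling): a small Python model of the four GPP actions that records the registry calls each one makes and the state it leaves behind.  The value name “Enabled” is made up, and the call order for Create and the calls for Delete are assumptions chosen to fit the operation counts reported above.

```python
# Added model, not the author's tooling: applies each GPP registry action to
# an in-memory key and records the registry calls it would make.
# The traditional/Update and Replace sequences are the ones listed in the
# post; the order for Create and the calls for Delete are assumptions that
# match the operation counts the post reports.

def apply_action(action, key, name, value=None):
    """Apply one action to `key` (a dict standing in for a registry key).
    Returns the list of registry operations performed."""
    ops = []
    if action == "Create":
        ops += ["RegCreateKey", "RegQueryValue"]
        if name not in key:              # Create never overwrites
            key[name] = value
            ops.append("RegSetValue")
        ops.append("RegCloseKey")
    elif action == "Update":             # same shape as the traditional write
        key[name] = value
        ops += ["RegCreateKey", "RegSetValue", "RegCloseKey"]
    elif action == "Delete":
        key.pop(name, None)
        ops += ["RegOpenKey", "RegDeleteValue", "RegCloseKey"]
    elif action == "Replace":            # delete, then create again
        key.pop(name, None)
        ops += ["RegOpenKey", "RegDeleteValue", "RegCloseKey"]
        key[name] = value
        ops += ["RegCreateKey", "RegSetValue", "RegCloseKey"]
    else:
        raise ValueError(f"unknown action: {action}")
    return ops


def tally():
    """Run the post's scenarios; return {scenario: (op count, final key)}."""
    scenarios = [                        # constructed sample values
        ("Create, value absent", "Create", {}, 1),
        ("Create, value present", "Create", {"Enabled": 0}, 1),
        ("Update, value absent", "Update", {}, 1),
        ("Update, value present", "Update", {"Enabled": 1}, 0),
        ("Delete", "Delete", {"Enabled": 1}, None),
        ("Replace", "Replace", {"Enabled": 0}, 1),
    ]
    results = {}
    for label, action, key, value in scenarios:
        ops = apply_action(action, key, "Enabled", value)
        results[label] = (len(ops), dict(key))
    return results


if __name__ == "__main__":
    for label, (count, state) in tally().items():
        print(f"{label:24} {count} ops -> {state}")
```

Note the behavioural difference alongside the counts: “Create” leaves an existing value untouched, while “Update” overwrites it, so swapping one for the other changes what ends up in the registry, not just how many calls are made.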

The final tally:

Stay tuned for part 2 — The Performance Comparison
