Group policies and Windows Embedded Device Manager 2011

Posted By
Pavel Bansky Program Manager

One of the most common questions asked by customers and users of Windows Embedded Device Manager 2011 is the applicability of group policies on write filter protected box. Although, most of the embedded devices usually operate outside of the domain, with Thin Clients in enterprises this is no longer true.

Windows Embedded Device Manager 2011 in combination with System Center Configuration Manager 2007 persist updates and configurations on write filter protected devices based on “on demand” principle. This maintenance task needs to be planned and scheduled from Configuration Manager Console. Group policies are usually updated outside of this maintenance task therefore they will never persists on the device, unless the timing for maintenance task crosses with timing for group policy update; which is very unlikely.

In this article I would like to give you step-by-step guide how to issue maintenance task for policy update from Configuration Manager Console to persist the updated policy. All we are going to do is create task sequence that will be disable write filters, run the gpupdate.exe and restore write filters again. This task sequence will have a mandatory assignment scheduled for 1am every night.

1) In System Center Configuration Manager console right click on Task Sequence node under the Computer Management. In the context menu select New Task Sequence

2) Inside of the New Task Sequence Wizard select Create new task sequence and click Next

3) On the next screen fill the name and description of the new task sequence and click Finish

4) The newly created task sequence will appear under the Task Sequence node. Right click on the newly created task sequence and select Edit

5) In the Task Sequence Editor select Add -> Write Filter -> Disable Write Filter

6) As a next step in the task sequence select Add -> General -> Run Command Line

7) Into the command line enter gpupdate.exe, alternatively you can use gpudpdate.exe /force

8) The last step is write filter restore. Select Add -> Write Filter -> Restore Write Filter and click OK to close the Task Sequence Editor

Now the group policy task sequence is ready to be used. In order to use this task sequence it needs to be advertised with the specific time and occurrence.

1) Right click on the newly created task sequence and select Advertise

2) In the New Advertisement Wizard name the advertisement and select appropriate collection of devices

3) On the next page click on the Sun button to create new Assignment Schedule and choose time and occurrence pattern that fits your need.

4) Finish the wizard.

Yes, it’s simple as that. From now on, your devices will regularly fetch for group policy updates to persist them. I hope this post was helpful. Please let me know if you have more questions about specific Windows Embedded Device Manager 2011 scenarios.