All things SMS, System Center Configuration Manager, Active Directory, Group Policy, Virtualization, Security, Gadgets, Technology, and the Daily Thoughts of an SMS Engineer named Anthony Clendenen.

The Daily Ramblings of an SMS Engineer

MMS 2006 - Day 2 - Group Policy What's New in Vista and Longhorn

April 25, 2006
David Power - Program manager

Some pretty cool stuff, some of it is redundant.

What's new? In Vista, Group Policy no longer runs under Winlogon; it runs as a shared service. The service itself has been hardened: local admins need elevated privileges to stop it, and it will automatically restart after any error.

Network Awareness - policy application is now network sensitive. There is no longer a 90-minute wait before refresh if a DC is detected. A system that comes out of hibernate or standby will refresh almost immediately, and if the last policy refresh was missed, a refresh is triggered as soon as the NA detects a change in the network.

Local GPO settings for different logins - multiple local GPOs, targeted by user. An admin gets one set of policies, while a user, even a specific individual, gets a different set of policies. Domain policies override local policies, and there is the ability to tell a machine to ignore all local GPOs.

Whew - day is getting long…

New logging for GPOs: XML-based, Crimson, subscriptions, and two levels of logging (admin-level and operational events).

No more .ADM files; they are now ADMX. Both template types can co-exist, and you can use the ADMX file types from a Vista workstation.

New search and filter built into GPMC (SP1 for Vista)

New Policies

UAC Settings

  • Behavior of elevation prompt for administrators in Admin Approval Mode
  • Behavior of elevation prompt for standard users
  • Detect application installs and prompt for elevation
  • Elevate executables only if signed and validated
  • Run all administrators in Admin Approval Mode
  • Switch to secure desktop when prompting for elevation
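
The six UAC policies above are stored as registry values under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`. The PowerShell below is an added example, not part of the original session notes, that reports the value behind each policy on the local machine. The registry value names come from Windows rather than from this page, and the values flagged as `Weak` are this example's own assumption, not a Microsoft baseline.

```powershell
# Added example: report the registry values behind the six UAC policies listed above.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Policy name (as listed in the notes) -> registry value name.
# Weak = values this example treats as findings (an assumption of this example).
$policies = @(
    @{ Policy = 'Behavior of elevation prompt for administrators in Admin Approval Mode'
       Value  = 'ConsentPromptBehaviorAdmin'; Weak = @(0) }   # 0 = elevate without prompting
    @{ Policy = 'Behavior of elevation prompt for standard users'
       Value  = 'ConsentPromptBehaviorUser'; Weak = @() }
    @{ Policy = 'Detect application installs and prompt for elevation'
       Value  = 'EnableInstallerDetection'; Weak = @() }
    @{ Policy = 'Elevate executables only if signed and validated'
       Value  = 'ValidateAdminCodeSignatures'; Weak = @() }
    @{ Policy = 'Run all administrators in Admin Approval Mode'
       Value  = 'EnableLUA'; Weak = @(0) }                    # 0 = Admin Approval Mode off
    @{ Policy = 'Switch to secure desktop when prompting for elevation'
       Value  = 'PromptOnSecureDesktop'; Weak = @(0) }        # 0 = prompt on the user desktop
)

# Read the key once; a missing key leaves $props empty and every value reports NotSet.
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

$report = foreach ($p in $policies) {
    $current = $null
    if ($props) {
        $prop = $props.PSObject.Properties[$p.Value]
        if ($prop) { $current = $prop.Value }
    }

    if ($null -eq $current) {
        $status = 'NotSet'          # value absent: the OS default applies
    } elseif ($p.Weak -contains $current) {
        $status = 'Weak'
    } else {
        $status = 'OK'
    }

    [pscustomobject]@{
        Policy        = $p.Policy
        RegistryValue = $p.Value
        Current       = $current
        Status        = $status
    }
}

$report | Format-Table -AutoSize -Wrap
```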

Desktop Management

Printer Management

  • Deploy Printers to machines or users
    • Per Machine: Shared Use Computers
    • Per User: Printers follow Users
  • Roll out trusted printer drivers, prevent install of untrusted printer drivers
  • Delegate Printer installation rights

Internet Explorer

  • Converting most settings away from Internet Explorer Maintenance (IEM) to registry-based

Shell Team

  • Classic Shell, Logon, Start Menu, and Control Panel
  • Screen Saver: Define timeout, restrict to “built in”
  • Security Conscious: Force prompting, don’t save credentials
  • Sync and Sharing: Item sharing, PC-PC, folder redirection

Security

Windows Defender (Anti-Spyware)

  • Enable/Disable real-time protection/scanning
  • Manage signature download configuration

Device Installation control

  • Prevent driver installation for specific devices

Wireless and Wired Service configuration

  • Different Policy settings for Wired and Wireless 802.1x

Network Access Protection

  • Control Quarantine setting

Enhanced Public Key Policy configuration

  • More Policy settings for Certificates

Enhanced Internet Explorer Security Configuration

  • Support for IE7 security features

Removable Storage Device Settings

Computer- and User-based Policy to control

  • Read and Write Access

Removable Storage Device classes

  • CD/DVD
  • Tapes
  • USB plug-in devices
  • Windows Portable Devices (WPD)
  • All other external removable storage devices

Need more info???? Check here...

What's new in Group Policy in Windows Vista and Server Longhorn

http://www.microsoft.com/technet/windowsvista/library/a8366c42-6373-48cd-9d11-2510580e4817.mspx
