Inspired by Jeremy Moskowitz and his blog “RSAT is not Evil” http://www.gpanswers.com/rsat-is-not-evil/ I decided to give my 5 cents on this matter as well.
Most of my customers have adopted a style of administering their GPO’s from a central Server by establishing an RDP connection to it instead of using RSAT from a Windows 8.1 machine. This is not the case with just 8.1 and Server 2012 R2 but I’ll use them as an example. There are positive sides to using a server of course:
- A centralized location which always has the right ADMX-files even if no CentralStore has been created
- No need to install RSAT on workstations
But there are drawbacks as well which are the reasons why I on the other hand never do it but instead always use a management workstation for it:
- There are only 2 free RDP instances available on a server while infinite amount of RSAT’s can be used
- The most important: GPMC uses the underlying OS to gather settings you can administer even if you have a Central Store or the most up to date ADMX-files!
Let’s dig in to the second one a bit more with an example. Let’s say I have a scenario where my Boss asks me to:
- Change the startup type of WebClient service to Disabled to make connections to unknown UNC paths quicker
- Only allow the “Weather” Modern App on our Windows 8.1 machines
Here’s how the settings look from Windows Server 2012 R2 server:
And here’s what it looks like from GPMC installed on a Windows 8.1 machine: