One of the major changes that came with Windows Vista and is now being leveraged in later operating systems is a new Group Policy Client service. Earlier operating systems used the WinLogon service to run Group Policy. There were no inherent problems with using WinLogon, but there are significant benefits to using a separate service to control Group Policy. Considering the emphasis that Microsoft is putting into Group Policy, with advanced technologies being included in Group Policy and new management tools, the move to a separate service was not surprising.

The new Group Policy service improves the overall stability of the Group Policy infrastructure and computer by completely isolating it from WinLogon. The Group Policy service uses a completely new architecture for performing notifications and processing Group Policy. Not only does the Group Policy service change the architecture, it also adds these benefits:

  • Group Policy application is more efficient because fewer resources are required for background processing.
  • New Group Policy–related files can be delivered to computers administrating GPOs and computers consuming GPO settings without requiring a restart of the operating system.
  • Less memory is used for Group Policy on computers consuming GPO settings, increasing performance.

This service is “hardened” so that even an administrator cannot easily stop it. This is a good thing because there are not too many situations where you would want to disable Group Policy processing completely. As mentioned, a normal administrator cannot easily stop the Group Policy Client service. If you go into the Services MMC snap-in and highlight the service, you will notice that the options to stop and start the service are grayed out, as you can see in the above figure.

Note: It takes a bit of work to stop the service, and when you do, it will automatically restart itself after a short period of time.