GPO: configure default programs

In this tutorial, I will explain how to configure the default applications (browser, PDF reader…) using a Group Policy (GPO) in an Active Directory environment.

Puzzle of IT services, it is the use of default programs for certain types of files (PDF, Images) or even Internet browser, the configuration of such a group strategy allows all colorators to work with the same tools and it also avoids some liberties that users can take.

What we will see in this tutorial allows you to configure the default programs that users must use and the advantage of this strategy is that it is reapplied, so even if the user changes, when next logon, the configuration will be applied again.

The strategy we are going to see works from Windows 8 to Windows 11 and also applies to Remote Desktop servers from Windows 2012.

The configuration is done in two steps, we must first configure from a “witness” session, the default applications, which will allow us to generate an XML file, then we will create a group policy, in which we will indicate the location of our XML file that will apply the settings. The XML file must be accessible from a network share by computers in the read domain.

In this tutorial, we will force the use of Foxit Reader for opening PDFs.

Configuring Default Programs

From a “control” computer, open “Default programs”, the easiest way is to go through the Start menu.

When the settings window opens, click on Configure default programs 1.

Configure the default programs in relation to the desired extensions.

This manipulation being quite basic, I will not go into detail here, moreover depending on the OS, it is “different”.

Export configuration of default programs

Now we are going to export the configuration, for this we are going to use the DISM command line utility.

Open a command prompt and enter the command below to export the configuration.

Dism.exe /online /Export-DefaultAppAssociations:C:\TEMP\DefaultApps.xml

Adapt the path and the file name according to your environment.

In the TEMP folder, I find the XML file 1.

We will now check and modify it to only apply the parameters related to the PDF.

Open the XML file.

As we can see, all the applications are present.

Here is the clean file for using FoxitReader.

Our file is ready, we will move on to configuring group policy.

Group Policy settings for default apps

The first step will be to put the XML file on a share with read permission for computers in domain 1.

Once the sharing has been configured and the file placed in it, we will move on to group policy.

From the Group Policy Management console, right-click in the Group Policy Objects container 1 and click New 2.

Name the GPO object 1 and click OK 2 to create it.

Once the object has been created, right click on it 1 and click on Modify 2.

From the navigation panel go to the location: Computer Configuration / Policies / Administrative Templates / Windows Component / File Explorer 1.

Find the setting: Define a default associations configuration file 1, double click on it to open it.

Activate 1 the parameters then enter the UNC path 2 of the XML file. Validate by clicking on the Apply button 3 and OK 4.

Close the Group Policy Editor.

Now we need to link the Group Policy 1, right click on the OU where it must be linked to be applied and click on Link an existing GPO 2.

Select the group policy you just created 1 and click OK 2.

Group Policy is bound, for consideration, computers where the policy applies may need to be restarted.

I did not specify it at the beginning, but it is obviously necessary that the selected programs are installed on the computers where you are going to apply the group policy.

You now know how to configure default programs with Group Policy.

Leave a Comment