mkrisz

extend Windows Server 2003 group policy to support Vista / 7

Dear Experts,

I have a Windows Server 2003 DC. What I'd like to do is to extend my group policy in order to support policies like UAC and other new Vista / Windows 7 features. Is this possible? If yes, exactly how?
vahiid

I haven't seen one for Windows 7 yet, but this is for Windows Vista, which has a lot of 7 options in common: http://www.microsoft.com/downloads/details.aspx?familyid=05d0598b-95f9-4bdd-af36-b365d68ec5f6&displaylang=en
mkrisz

ASKER

So the only option is to import administrative templates? And can I import admx to Server 2003? Not just .adm? What if I run forestprep and domainprep? Do forestprep and domainprep do anything with group policy options?
No need to run ForestPrep or anything like that for Administrative Templates functionality, unless you are adding a 2008 domain controller to your domain.

Keep in mind that these administrative templates are mostly registry keys that get applied to the client PCs. Import ADM and you'll be good to go.


Take a look here: http://blogs.technet.com/grouppolicy/archive/2009/10/27/windows-7-do-i-need-to-change-my-active-directory-for-new-group-policy-features.aspx
McKnife
What MS recommends is this: http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en
This will enable you to control all the options W7 has with a 2003 DC remotely administered from your W7 workstation via RSAT. Nice and easy.
ASKER CERTIFIED SOLUTION
AshfieldIT

Is Ashfield=mkrisz?
What is the solution to this problem? I don't see it. I could have provided more info if needed.
No, we're not the same person.

The solution is: No. There is no way at present to set Win7 features via Group Policy on a 2003 server. The .adm files don't seem to be available (as they are for Office 2007 for example).
RSAT doesn't add any extra functionality to a 2003 GP.
Of course even Windows 2000 Server DCs can be used to administer each and every GPO related setting of Windows 7. That's the big deal about RSAT. It does not only let you administer your domain from a remote workstation but it makes use of the admx policies of that workstation - and guess which ones they are.
OK first of all, I read the question as administering Win7 features from a 2003 server. That would require .adm files to be loaded into the server GP, and as they don't seem to exist my answer was no.
If this is a wrong interpretation, my apologies.

Second, I still don't see what you mean by "but it makes use of the admx policies of that workstation". I can set the policy locally, but not apply that over the network.
I'm sounding a bit thick here, but where do I see those? Could you give me a step-by-step guide?
Just install RSAT and you will see. RSAT connects to your DC and uses your own (Windows 7's) admx files to display configurable policies. After configuring those, it writes the policy to the sysvol share of the server. So the server does not care where those settings come from - but the clients can read and apply those.
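Added example, not part of the original thread: Administrative Template settings edited in GPMC are saved to the GPO's folder on SYSVOL as a `Registry.pol` file, a flat list of `[key;value;type;size;data]` records in UTF-16LE. The parser below reads that format, which shows why the posts above say the settings are mostly registry keys and that the server does not care where they come from; the sample key and value names are constructed placeholders.

```python
import struct

HEADER = b"PReg" + struct.pack("<I", 1)  # file signature + format version 1
TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD"}
u16 = lambda s: s.encode("utf-16-le")    # the format is UTF-16LE throughout

def build_entry(key, value, rtype, data):
    """Serialise one [key;value;type;size;data] record (builds the sample)."""
    return (u16("[" + key + "\0;" + value + "\0;") + struct.pack("<I", rtype)
            + u16(";") + struct.pack("<I", len(data)) + u16(";") + data + u16("]"))

def parse_registry_pol(blob):
    """Return a (key, value, type name, data) tuple for every record."""
    if blob[:8] != HEADER:
        raise ValueError("bad PReg header")
    pos, out = 8, []
    def take(n):  # bounds-checked read, so a truncated file fails loudly
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError(f"truncated record at offset {pos}")
        pos += n
        return blob[pos - n:pos]
    def expect(ch):
        if take(2) != u16(ch):
            raise ValueError(f"expected {ch!r} before offset {pos}")
    def read_str():  # NUL-terminated UTF-16LE string
        chars = []
        while (c := take(2)) != b"\0\0":
            chars.append(c)
        return b"".join(chars).decode("utf-16-le")

    while pos < len(blob):
        expect("["); key = read_str()
        expect(";"); value = read_str()
        expect(";"); rtype = struct.unpack("<I", take(4))[0]
        expect(";"); size = struct.unpack("<I", take(4))[0]
        expect(";"); data = take(size)
        expect("]")
        if rtype == 4 and size == 4:
            data = struct.unpack("<I", data)[0]
        elif rtype in (1, 2):
            data = data.decode("utf-16-le").rstrip("\0")
        out.append((key, value, TYPES.get(rtype, str(rtype)), data))
    return out

# Constructed sample: placeholder names, not real Windows 7 policy settings.
KEY = "Software\\Policies\\ExampleVendor\\ExampleFeature"
SAMPLE = (HEADER + build_entry(KEY, "Enabled", 4, struct.pack("<I", 1))
          + build_entry(KEY, "Mode", 1, u16("strict\0")))
```

Running `parse_registry_pol` over a copy of a GPO's `Registry.pol` lists exactly which registry values that GPO will push to clients, which is useful when auditing policy changes made from a workstation.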
"Just install RSAT and you will see."
You say RSAT like it's a single program when it's not. Am I not being clear when I ask for a step-by-step guide to how to do this?
Which specific management tool are you using to configure the policies? Local Security Policy? Group Policy Management? What?
1) Install RSAT
2) Open appwiz.cpl and select (left hand side) "turn windows features on or off" and move to RSAT and install the subfeatures you are planning to use from remote - the one we need here is the group policy management console.
3) After installation, you log on as domain admin, open mmc.exe and add the gpmc and now you can connect to your domain and add/modify policies.
Right.
1. All RSAT options enabled
(http://img35.imageshack.us/img35/8758/rsat1.jpg)
2. Opened GPM, edited one of the existing GPOs. No Win7 options available, as it's a 2003 GPO.
(http://img130.imageshack.us/img130/169/rsat2.jpg)
3. Can't add Win7 admx templates as the 2003 GPO doesn't support them.
(http://img682.imageshack.us/img682/4875/rsat3.jpg)
4. New Win7 features can be set locally, but how on a 2003 server GPO?
(http://img12.imageshack.us/img12/460/rsat4.jpg)
> No Win7 options available, as it's a 2003 GPO
Of course. Your rsat2.jpg shows lots of them. There wouldn't be things like desktop window manager or digital locker otherwise.
Ok, so some of the options appear in the gpmc under windows 7, and get saved to the server sysvol. Even though Server 2003 can't see them, they are applied to W7 machines on the network. But there are still some that can only be set via local group policy?

Thanks for the update! It's much appreciated, taking this time to explain it to me.
> But there are still some that can only be set via local group policy?
No, none. What are you looking for that you cannot find?
McKnife, you just made my life so much easier. I was not aware of RSAT before reading this thread. Thanks!