Browse All Articles
> Creating the Group Policy Central Store
Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available.
Let’s explore our Sysvol for a second. Open an explorer window and navigate to \\DOMAINNAME\sysvol\. Open up any subfolders until you are inside the policies folder. We are now looking the GUID of every Group Policy Object (GPO) in our domain. The picture below is from our domain.
Open up any policy and you should see a few subfolders. The most common are: ADM, Machine, and User.
By default, your ADM folder will have five ADM files. Each client will also have a copy of these files. Each policy you create will automatically include this ADM folder. Our domain has four domain controllers and 767 group policy objects. Each policy would have a 3.46 MB ADM folder in it. That means that our domain uses 10.4 GB of space to store ADM files! That is a lot of files to replicate!
You have probably already asked – why does every policy need a copy of the ADM files? The clients do not need them because they are located on each client machine. Microsoft gave us a better solution with the Group Policy Central Store.
The Group Policy Central Store allows you to store one copy of ADMX files in your Sysvol and to automatically have any Group Policy Management Console automatically pull its settings from that location. The best thing is – you only need a Vista or later client computer to set up the central store! Your server environment can be 2003 or 2008!
To create your central store, follow these steps:
1. Browse back to your Policies folder within Sysvol and create a folder named “PolicyDefinitions”.
2. On a Vista/7 or Server 2008/R2 machine, browse to “C:\Windows\PolicyDefiniti
ons\” and copy the entire contents to your Sysvol PolicyDefinitions Folder
3. Close any opened GPMC windows on your Vista+ management machine. Open GPMC again and create a new policy. Navigate to Computer Configuration\Policies\Adm
e Templates. Left click on Administrative Templates. In the center of the screen, you should now see: “Administrative Templates: Policy Definitions (ADMX files) retrieved from the Central Store”
4. Delete any ADM templates that you did not import yourself. To do so, just search your policies folder for any file with a .ADM extension.
5. Because XP/Server 2003 GPMC will automatically upload ADM files even if a central store exists, it is a best practice to no longer use the GPMC for those operating systems. In a larger environment that has many Group Policy creators, it may be wise to use Software Restriction Policies or File System Security Policies to disable access to the older GPMCs.
You have now successfully created a central store and migrated your local ADMX files over to it. Any Group Policy Management Consoles running on a Vista + OS will automatically open ADMX files from your central store.
How to Create a Central Store: http://support.microsoft.com/kb/929841
Automatic Central Store Creator: http://www.gpoguy.com/FreeTools/FreeToolsLibrary/tabid/67/agentType/View/PropertyID/88/Default.aspx
Server 2008/Vista GP changes: http://sourcedaddy.com/windows-7/group-policy-windows-vista-and-windows-server-2008.html