<

Go Premium for a chance to win a PS4. Enter to Win

x

Group Policy Compatibility

Published on
19,529 Points
7,229 Views
8 Endorsements
Last Modified:
Awarded
Have you considered what group policies are backwards and forwards compatible?

Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The policy templates are not forwards compatible with the latest operating systems. In other words, if you use a 2003 server or 2003 R2 server, you cannot administer group policies to a Vista or Win7 computer.

CAUSE:
Windows 7 and Vista use ADMX admin templates for group policies. The 'latest' legacy machines (meaning XP, 2003 server, and 2000) use ADM templates for group policy.

SYMPTOMS:
If you try to administer policies for a Win7, Vista, or 2008 server from a 2003 server, you will probably see problems associated with Win 7 machines. The symptoms I am seeing on Experts Exchange, when helping administrators include:

Slow logons
Group Policy core failures
Group Policy not applying to Vista and Win 7 computers
Group Policy event log errors on the clients and server

Example:
Group Policy Core Failure and Win 7 computer take 6-10 minutes to logon

POTENTIAL FIXES:
1) Of course, you can deploy a 2008 server. Some businesses do not have the budget.
2008 servers can provide policies for ADM and ADMX templates.

2) A work around was found and outlined on this very-well written article:
Author: Mark Menges
"Supporting Windows 7 Group Policy Settings with Windows Server 2003 Domain Controllers"

These two methods are the best practice for supporting 2008 server, Vista and Windows7 on a 2003 domain controller.

Now, you might ask, why would you support a 2008 server on a 2003 domain controller. If the 2003 server is a SBS (Small Business Server) it must support the five FSMO (Flexible Single Master Operation) roles. In this case you have to prepare your domain for mixed mode operations and administer your ADMX templates from the 2008 server. So, even with a 2008 server, there may be a scenario when considering backwards and forwards compatibility of group policies is required.

There is one last thing you should know:
Deploying printers through group policy or Print Management Console will also be difficult to do. Holding drivers for Win7 (especially x64 bit Win7), is not available in 2003 server. I have not tested this, but you should be able to use a Win7 computer to deploy printers and additional drivers via group policy in much the same way.
8
Comment
Author:ChiefIT
0 Comments

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Join & Write a Comment

this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month