<

Group Policy Compatibility

Published on
20,007 Points
7,707 Views
8 Endorsements
Last Modified:
Awarded
Have you considered what group policies are backwards and forwards compatible?

Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The policy templates are not forwards compatible with the latest operating systems. In other words, if you use a 2003 server or 2003 R2 server, you cannot administer group policies to a Vista or Win7 computer.

CAUSE:
Windows 7 and Vista use ADMX admin templates for group policies. The 'latest' legacy machines (meaning XP, 2003 server, and 2000) use ADM templates for group policy.

SYMPTOMS:
If you try to administer policies for a Win7, Vista, or 2008 server from a 2003 server, you will probably see problems associated with Win 7 machines. The symptoms I am seeing on Experts Exchange, when helping administrators include:

Slow logons
Group Policy core failures
Group Policy not applying to Vista and Win 7 computers
Group Policy event log errors on the clients and server

Example:
Group Policy Core Failure and Win 7 computer take 6-10 minutes to logon

POTENTIAL FIXES:
1) Of course, you can deploy a 2008 server. Some businesses do not have the budget.
2008 servers can provide policies for ADM and ADMX templates.

2) A work around was found and outlined on this very-well written article:
Author: Mark Menges
"Supporting Windows 7 Group Policy Settings with Windows Server 2003 Domain Controllers"

These two methods are the best practice for supporting 2008 server, Vista and Windows7 on a 2003 domain controller.

Now, you might ask, why would you support a 2008 server on a 2003 domain controller. If the 2003 server is a SBS (Small Business Server) it must support the five FSMO (Flexible Single Master Operation) roles. In this case you have to prepare your domain for mixed mode operations and administer your ADMX templates from the 2008 server. So, even with a 2008 server, there may be a scenario when considering backwards and forwards compatibility of group policies is required.

There is one last thing you should know:
Deploying printers through group policy or Print Management Console will also be difficult to do. Holding drivers for Win7 (especially x64 bit Win7), is not available in 2003 server. I have not tested this, but you should be able to use a Win7 computer to deploy printers and additional drivers via group policy in much the same way.
8
Author:ChiefIT
0 Comments

Featured Post

Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

Watch this online video tutorial and learn the best way to reduce Outlook mailbox size using Compact Now feature of Outlook. It removes the deletes item's space from Microsoft Outlook 2016, 2013, and 2010 and compresses the PST file size. This will …
This is Part-2 of Learning to use the Power of Mailwasher Pro so if you haven't watched Part-1 yet, I urge you to do so before watching this video. Click this link to watch Part-1 (https://www.experts-exchange.com/videos/56638/Learn-to-use-the-POWER…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month