<

Group Policy Compatibility

Published on
19,870 Points
7,570 Views
8 Endorsements
Last Modified:
Awarded
Have you considered what group policies are backwards and forwards compatible?

Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The policy templates are not forwards compatible with the latest operating systems. In other words, if you use a 2003 server or 2003 R2 server, you cannot administer group policies to a Vista or Win7 computer.

CAUSE:
Windows 7 and Vista use ADMX admin templates for group policies. The 'latest' legacy machines (meaning XP, 2003 server, and 2000) use ADM templates for group policy.

SYMPTOMS:
If you try to administer policies for a Win7, Vista, or 2008 server from a 2003 server, you will probably see problems associated with Win 7 machines. The symptoms I am seeing on Experts Exchange, when helping administrators include:

Slow logons
Group Policy core failures
Group Policy not applying to Vista and Win 7 computers
Group Policy event log errors on the clients and server

Example:
Group Policy Core Failure and Win 7 computer take 6-10 minutes to logon

POTENTIAL FIXES:
1) Of course, you can deploy a 2008 server. Some businesses do not have the budget.
2008 servers can provide policies for ADM and ADMX templates.

2) A work around was found and outlined on this very-well written article:
Author: Mark Menges
"Supporting Windows 7 Group Policy Settings with Windows Server 2003 Domain Controllers"

These two methods are the best practice for supporting 2008 server, Vista and Windows7 on a 2003 domain controller.

Now, you might ask, why would you support a 2008 server on a 2003 domain controller. If the 2003 server is a SBS (Small Business Server) it must support the five FSMO (Flexible Single Master Operation) roles. In this case you have to prepare your domain for mixed mode operations and administer your ADMX templates from the 2008 server. So, even with a 2008 server, there may be a scenario when considering backwards and forwards compatibility of group policies is required.

There is one last thing you should know:
Deploying printers through group policy or Print Management Console will also be difficult to do. Holding drivers for Win7 (especially x64 bit Win7), is not available in 2003 server. I have not tested this, but you should be able to use a Win7 computer to deploy printers and additional drivers via group policy in much the same way.
8
Comment
Author:ChiefIT
0 Comments

Featured Post

Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

Join & Write a Comment

Key to your CPU's ability to stay cool is to use the right amount of thermal paste and apply it correctly. In other words you want as much thermal conductivity between CPU and the cooling block. Use a quality thermal paste and apply it in a manner…
Microsoft Office 365 Backup and Restore Solution by SysTools to export Office 365 mailbox to PST / EML file format on Windows OS. On Mac, tool backup O365 to PST / MBOX / MSG / EML / EMLX file formats. Not only this, restore option helps to import s…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month