<

Group Policy Compatibility

Published on
19,432 Points
7,132 Views
8 Endorsements
Last Modified:
Awarded
Have you considered what group policies are backwards and forwards compatible?

Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The policy templates are not forwards compatible with the latest operating systems. In other words, if you use a 2003 server or 2003 R2 server, you cannot administer group policies to a Vista or Win7 computer.

CAUSE:
Windows 7 and Vista use ADMX admin templates for group policies. The 'latest' legacy machines (meaning XP, 2003 server, and 2000) use ADM templates for group policy.

SYMPTOMS:
If you try to administer policies for a Win7, Vista, or 2008 server from a 2003 server, you will probably see problems associated with Win 7 machines. The symptoms I am seeing on Experts Exchange, when helping administrators include:

Slow logons
Group Policy core failures
Group Policy not applying to Vista and Win 7 computers
Group Policy event log errors on the clients and server

Example:
Group Policy Core Failure and Win 7 computer take 6-10 minutes to logon

POTENTIAL FIXES:
1) Of course, you can deploy a 2008 server. Some businesses do not have the budget.
2008 servers can provide policies for ADM and ADMX templates.

2) A work around was found and outlined on this very-well written article:
Author: Mark Menges
"Supporting Windows 7 Group Policy Settings with Windows Server 2003 Domain Controllers"

These two methods are the best practice for supporting 2008 server, Vista and Windows7 on a 2003 domain controller.

Now, you might ask, why would you support a 2008 server on a 2003 domain controller. If the 2003 server is a SBS (Small Business Server) it must support the five FSMO (Flexible Single Master Operation) roles. In this case you have to prepare your domain for mixed mode operations and administer your ADMX templates from the 2008 server. So, even with a 2008 server, there may be a scenario when considering backwards and forwards compatibility of group policies is required.

There is one last thing you should know:
Deploying printers through group policy or Print Management Console will also be difficult to do. Holding drivers for Win7 (especially x64 bit Win7), is not available in 2003 server. I have not tested this, but you should be able to use a Win7 computer to deploy printers and additional drivers via group policy in much the same way.
8
Comment
Author:ChiefIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
0 Comments

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month