<

Group Policy Compatibility

Published on
19,634 Points
7,334 Views
8 Endorsements
Last Modified:
Awarded
Have you considered what group policies are backwards and forwards compatible?

Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The policy templates are not forwards compatible with the latest operating systems. In other words, if you use a 2003 server or 2003 R2 server, you cannot administer group policies to a Vista or Win7 computer.

CAUSE:
Windows 7 and Vista use ADMX admin templates for group policies. The 'latest' legacy machines (meaning XP, 2003 server, and 2000) use ADM templates for group policy.

SYMPTOMS:
If you try to administer policies for a Win7, Vista, or 2008 server from a 2003 server, you will probably see problems associated with Win 7 machines. The symptoms I am seeing on Experts Exchange, when helping administrators include:

Slow logons
Group Policy core failures
Group Policy not applying to Vista and Win 7 computers
Group Policy event log errors on the clients and server

Example:
Group Policy Core Failure and Win 7 computer take 6-10 minutes to logon

POTENTIAL FIXES:
1) Of course, you can deploy a 2008 server. Some businesses do not have the budget.
2008 servers can provide policies for ADM and ADMX templates.

2) A work around was found and outlined on this very-well written article:
Author: Mark Menges
"Supporting Windows 7 Group Policy Settings with Windows Server 2003 Domain Controllers"

These two methods are the best practice for supporting 2008 server, Vista and Windows7 on a 2003 domain controller.

Now, you might ask, why would you support a 2008 server on a 2003 domain controller. If the 2003 server is a SBS (Small Business Server) it must support the five FSMO (Flexible Single Master Operation) roles. In this case you have to prepare your domain for mixed mode operations and administer your ADMX templates from the 2008 server. So, even with a 2008 server, there may be a scenario when considering backwards and forwards compatibility of group policies is required.

There is one last thing you should know:
Deploying printers through group policy or Print Management Console will also be difficult to do. Holding drivers for Win7 (especially x64 bit Win7), is not available in 2003 server. I have not tested this, but you should be able to use a Win7 computer to deploy printers and additional drivers via group policy in much the same way.
8
Comment
Author:ChiefIT
0 Comments

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Join & Write a Comment

The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…
If you are looking for an automated solution for backup single or multiple Office 365 user mailboxes to Outlook data file, then you can use Kernel Office 365 Backup & Restore tool. Go through the video to check out the steps to backup single or mult…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month