Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Server 2008 GPO ADMX / ADM Question

Posted on 2009-04-24
6
Medium Priority
?
730 Views
Last Modified: 2012-05-06
We have a mixture of 2003 and 2008 servers.  All DCs are 2003 and this is not planning to change anytime soon.
Up to date all GPO work was done via the GPMC on a DC or a XP workstation with the relevant tools installed.

We want to configure the firewall settings for all the Server 2008 servers via GPO.  

Ive installed the GPMC feature on a utility std 2008 server as Im aware Ill need to do this as 2008 and Vista use ADMX files now.

This is where Ive got up to but need to ask some guidance on:

1.      Do I have to convert all my existing ADM files to ADMX using the MS convertor? Since I only have 2003 DCs I think not but want to ask just in case.

2.      Do I have to have a combination of ADM and ADMX files on my DCs, i.e. the ADMs to service the 2003 servers and the ADMX to service the 2008 servers? Can they live side by side? Id intend to use WMI filters to have the 2008 policies apply to 2008 servers.

3.      Is it best to have the 2008 servers in a separate OU rather than share the OU with the 2003 servers?

4.      Where do I find the 2008 GPO files I need to import to configure the new firewall settings in 2008 and how do I import them? Is it like with 2003 where you just copy them locally?


Sorry to ask such questions, hope someone can help,

Thanks,
0
Comment
Question by:hotsox
  • 4
  • 2
6 Comments
 

Author Comment

by:hotsox
ID: 24224275
Well I can answer Q 4 myself now.

Administrative Templates (ADMX) for Windows Server 2008
http://www.microsoft.com/downloads/details.aspx?familyid=927FC7E3-853C-410A-ACB5-9062C76142FA&displaylang=en

Still I see you have to copy them up to the DC's Sysvol. Hence me asking the other Qs about ADM and the newer ADMX living together on the same Sysvols.

I'm just a little confused how the settings in the old GPOs sit with settings I wish to make to the 2008 servers. By which I mean having one server GPO (already exisiting working with the 2003 servers btu now have more functionalilty for the 2008 servers)



0
 

Author Comment

by:hotsox
ID: 24224718
OK I think I've answered Q2 now as well and probably Q1.

As I've now created a PolicyDefinition folder under \\FQDN\SYSVOL\FQDN\policies. It was a litle unclear if I was to copy all the ADMX and ADML files directly to the Policies folder or to create the PolicyDefinition under it. I did the latter.

0
 

Accepted Solution

by:
hotsox earned 0 total points
ID: 24225691
Reckon I've posted this too early as now have answered all my own Qs but thanks if you read this late and had some input.

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Expert Comment

by:gorlaz
ID: 24733826
Hi hotsox,

Any chance you'd mind posting a general blurb about what you did re your situation. I've got a very similar situation - all win2k3 dc's and have just added a win2k8 TS. I'm unsure of what to do exactly re GPO's and the whole adm/admx side by side.
Cheers,
0
 

Author Comment

by:hotsox
ID: 24734237
Hi Gorlaz,

I sort of did document above all I did but here's it is in a slightly different format


1.      Do I have to convert all my existing ADM files to ADMX using the MS convertor? Since I only have 2003 DCs I think not but want to ask just in case.

No. The existing ADM reside on the sysvol alongside the ADMX files.

2.      Do I have to have a combination of ADM and ADMX files on my DCs, i.e. the ADMs to service the 2003 servers and the ADMX to service the 2008 servers? Can they live side by side? Id intend to use WMI filters to have the 2008 policies apply to 2008 servers.

Yes.


3.      Is it best to have the 2008 servers in a separate OU rather than share the OU with the 2003 servers?

Makes no difference once you create a WMI filter. here's the filter code for Server 2008.

select * from Win32_OperatingSystem where Version like "6.0%" and ProductType = "3"



4.      Where do I find the 2008 GPO files I need to import to configure the new firewall settings in 2008 and how do I import them? Is it like with 2003 where you just copy them locally?

Just get them from here: http://www.microsoft.com/downloads/details.aspx?FamilyID=927fc7e3-853c-410a-acb5-9062c76142fa&displaylang=en

and follow the excellent installaion instructions.

HTH,



0
 

Expert Comment

by:gorlaz
ID: 24740862
Cheers!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question