?
Solved

Group Policy Central Store???

Posted on 2010-09-13
11
Medium Priority
?
1,885 Views
Last Modified: 2012-06-27
can any one tell me what a Group Policy Central Store is?  Ive been recommended to create one but not sure what one is and how to go about creating one.
0
Comment
Question by:resolver1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 33663170
GP stores it's data in the \\Domain\SYSVOL share. This is replicateed between Domain controllers automatically for you when additional DC's are brought into the domain.
0
 
LVL 10

Accepted Solution

by:
jorlando66 earned 500 total points
ID: 33663173
These are not my words and I have provided a link for credits below...No reason to type all this when someone allready did the work :)

In earlier versions of Windows, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. You can see this part in your own domain by navigating to \\FQDN\SYSVOL\FQDN\Policies. In that location, you’ll see a number of GUIDs, each that relates to a configured GPO. Drilling further into any particular GUID, you will find a series of files the contents of which instruct clients to process configured GPO settings.

The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased.

To overcome this problem a new feature called Group Policy Central Store was introduced with Windows Vista / Windows 2008. Rather than replicating template files into each GPO’s SYSVOL folder, a single folder is created to store them all. Group Policy Central Store are turned of by default, so to take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

1. Log on as Domain Administrator on the Windows 2008 server you use for Group Policy Management
2. Copy the folder C:\Windows\PolicyDefinitions to \\FQDN\SYSVOL\FQDN\Policies
3. Open Group Policy Management Console
4. Edit a Group Policy Object and expand the Administrative Templates node
5. Verify that the Administrative Templates are loaded from Group Policy Central Store (see picture)

http://www.xenappblog.com/2010/create-a-central-store-for-group-policy-administrative-templates/
0
 
LVL 39

Assisted Solution

by:Philip Elder
Philip Elder earned 1000 total points
ID: 33663623
The CS allows for all ADM/ADMX files to be stored in one location on each DC.

Thus, making changes to GPOs no longer happens on an individual DC which is then replicated to all other DCs. The Central Store can be edited directly.

Caveat: When an OS receives a service pack (server or desktop) the CS needs to be edited from the newly service packed system to update the CS. This is not an automatic process.

See Jeremy Moskowitz and his books for more:
http://www.gpanswers.com/

Philip
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 33663763
It is mainly used to help with sysvol bloat that jorland outlined Florian has a good article here too   http://www.frickelsoft.net/blog/?p=97
I recently talked to a friend that was using some bitlocker policies and they were missing from their GPO.   Ends up those admx files were missing on the central store.   Very similar to what the DS team described here   http://blogs.technet.com/b/askds/archive/2009/12/09/windows-7-windows-server-2008-r2-and-the-group-policy-central-store.aspx
So as you can see there can be  pros and cons
Thanks
 
Mike
0
 

Author Comment

by:resolver1
ID: 33673393
ill have a read tomorrow. thanks for your replys
0
 

Author Comment

by:resolver1
ID: 33692329
If you only have one DC is there any advantage in having Group Policy Central Store?
0
 
LVL 7

Expert Comment

by:ieden
ID: 33692505
Not particularly... You should however, always backup you policies.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33693024
If you only have one DC your next project should be to get a second DC up as quickly as possible.  You are in deep water if you only have one DC and that thing dies hard.
0
 
LVL 39

Assisted Solution

by:Philip Elder
Philip Elder earned 1000 total points
ID: 33693357
We do create the store at all of our SBS 2008 sites by default.

As I recal, besides centralizing all policies, it makes for quicker GPO processing and easier editing by multiple parties.

Even with a single DC site like an SBS 2008 one, we create some fairly complex OU/GPO structures depending on the client. So, having the ability to streamline processing in this manner is to our client's advantage especially first thing in the morning when everyone logs on at the same time.

Philip
0
 

Author Comment

by:resolver1
ID: 33716798
MPECSInc can you elaborate further. i dont understand why it would make process more stream line when everyone logs on in the morning.
0
 

Author Closing Comment

by:resolver1
ID: 33831818
Thanks for your time guys
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question