Solved

Group Policy Central Store???

Posted on 2010-09-13
11
1,632 Views
Last Modified: 2012-06-27
can any one tell me what a Group Policy Central Store is?  Ive been recommended to create one but not sure what one is and how to go about creating one.
0
Comment
Question by:resolver1
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 33663170
GP stores it's data in the \\Domain\SYSVOL share. This is replicateed between Domain controllers automatically for you when additional DC's are brought into the domain.
0
 
LVL 10

Accepted Solution

by:
jorlando66 earned 125 total points
ID: 33663173
These are not my words and I have provided a link for credits below...No reason to type all this when someone allready did the work :)

In earlier versions of Windows, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. You can see this part in your own domain by navigating to \\FQDN\SYSVOL\FQDN\Policies. In that location, you’ll see a number of GUIDs, each that relates to a configured GPO. Drilling further into any particular GUID, you will find a series of files the contents of which instruct clients to process configured GPO settings.

The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased.

To overcome this problem a new feature called Group Policy Central Store was introduced with Windows Vista / Windows 2008. Rather than replicating template files into each GPO’s SYSVOL folder, a single folder is created to store them all. Group Policy Central Store are turned of by default, so to take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

1. Log on as Domain Administrator on the Windows 2008 server you use for Group Policy Management
2. Copy the folder C:\Windows\PolicyDefinitions to \\FQDN\SYSVOL\FQDN\Policies
3. Open Group Policy Management Console
4. Edit a Group Policy Object and expand the Administrative Templates node
5. Verify that the Administrative Templates are loaded from Group Policy Central Store (see picture)

http://www.xenappblog.com/2010/create-a-central-store-for-group-policy-administrative-templates/
0
 
LVL 38

Assisted Solution

by:Philip Elder
Philip Elder earned 250 total points
ID: 33663623
The CS allows for all ADM/ADMX files to be stored in one location on each DC.

Thus, making changes to GPOs no longer happens on an individual DC which is then replicated to all other DCs. The Central Store can be edited directly.

Caveat: When an OS receives a service pack (server or desktop) the CS needs to be edited from the newly service packed system to update the CS. This is not an automatic process.

See Jeremy Moskowitz and his books for more:
http://www.gpanswers.com/

Philip
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 33663763
It is mainly used to help with sysvol bloat that jorland outlined Florian has a good article here too   http://www.frickelsoft.net/blog/?p=97
I recently talked to a friend that was using some bitlocker policies and they were missing from their GPO.   Ends up those admx files were missing on the central store.   Very similar to what the DS team described here   http://blogs.technet.com/b/askds/archive/2009/12/09/windows-7-windows-server-2008-r2-and-the-group-policy-central-store.aspx
So as you can see there can be  pros and cons
Thanks
 
Mike
0
 

Author Comment

by:resolver1
ID: 33673393
ill have a read tomorrow. thanks for your replys
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:resolver1
ID: 33692329
If you only have one DC is there any advantage in having Group Policy Central Store?
0
 
LVL 7

Expert Comment

by:ieden
ID: 33692505
Not particularly... You should however, always backup you policies.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33693024
If you only have one DC your next project should be to get a second DC up as quickly as possible.  You are in deep water if you only have one DC and that thing dies hard.
0
 
LVL 38

Assisted Solution

by:Philip Elder
Philip Elder earned 250 total points
ID: 33693357
We do create the store at all of our SBS 2008 sites by default.

As I recal, besides centralizing all policies, it makes for quicker GPO processing and easier editing by multiple parties.

Even with a single DC site like an SBS 2008 one, we create some fairly complex OU/GPO structures depending on the client. So, having the ability to streamline processing in this manner is to our client's advantage especially first thing in the morning when everyone logs on at the same time.

Philip
0
 

Author Comment

by:resolver1
ID: 33716798
MPECSInc can you elaborate further. i dont understand why it would make process more stream line when everyone logs on in the morning.
0
 

Author Closing Comment

by:resolver1
ID: 33831818
Thanks for your time guys
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now