Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Group Policy Central Store???

Posted on 2010-09-13
11
Medium Priority
?
1,931 Views
Last Modified: 2012-06-27
can any one tell me what a Group Policy Central Store is?  Ive been recommended to create one but not sure what one is and how to go about creating one.
0
Comment
Question by:resolver1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 33663170
GP stores it's data in the \\Domain\SYSVOL share. This is replicateed between Domain controllers automatically for you when additional DC's are brought into the domain.
0
 
LVL 10

Accepted Solution

by:
jorlando66 earned 500 total points
ID: 33663173
These are not my words and I have provided a link for credits below...No reason to type all this when someone allready did the work :)

In earlier versions of Windows, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. You can see this part in your own domain by navigating to \\FQDN\SYSVOL\FQDN\Policies. In that location, you’ll see a number of GUIDs, each that relates to a configured GPO. Drilling further into any particular GUID, you will find a series of files the contents of which instruct clients to process configured GPO settings.

The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased.

To overcome this problem a new feature called Group Policy Central Store was introduced with Windows Vista / Windows 2008. Rather than replicating template files into each GPO’s SYSVOL folder, a single folder is created to store them all. Group Policy Central Store are turned of by default, so to take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

1. Log on as Domain Administrator on the Windows 2008 server you use for Group Policy Management
2. Copy the folder C:\Windows\PolicyDefinitions to \\FQDN\SYSVOL\FQDN\Policies
3. Open Group Policy Management Console
4. Edit a Group Policy Object and expand the Administrative Templates node
5. Verify that the Administrative Templates are loaded from Group Policy Central Store (see picture)

http://www.xenappblog.com/2010/create-a-central-store-for-group-policy-administrative-templates/
0
 
LVL 39

Assisted Solution

by:Philip Elder
Philip Elder earned 1000 total points
ID: 33663623
The CS allows for all ADM/ADMX files to be stored in one location on each DC.

Thus, making changes to GPOs no longer happens on an individual DC which is then replicated to all other DCs. The Central Store can be edited directly.

Caveat: When an OS receives a service pack (server or desktop) the CS needs to be edited from the newly service packed system to update the CS. This is not an automatic process.

See Jeremy Moskowitz and his books for more:
http://www.gpanswers.com/

Philip
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 33663763
It is mainly used to help with sysvol bloat that jorland outlined Florian has a good article here too   http://www.frickelsoft.net/blog/?p=97
I recently talked to a friend that was using some bitlocker policies and they were missing from their GPO.   Ends up those admx files were missing on the central store.   Very similar to what the DS team described here   http://blogs.technet.com/b/askds/archive/2009/12/09/windows-7-windows-server-2008-r2-and-the-group-policy-central-store.aspx
So as you can see there can be  pros and cons
Thanks
 
Mike
0
 

Author Comment

by:resolver1
ID: 33673393
ill have a read tomorrow. thanks for your replys
0
 

Author Comment

by:resolver1
ID: 33692329
If you only have one DC is there any advantage in having Group Policy Central Store?
0
 
LVL 7

Expert Comment

by:ieden
ID: 33692505
Not particularly... You should however, always backup you policies.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33693024
If you only have one DC your next project should be to get a second DC up as quickly as possible.  You are in deep water if you only have one DC and that thing dies hard.
0
 
LVL 39

Assisted Solution

by:Philip Elder
Philip Elder earned 1000 total points
ID: 33693357
We do create the store at all of our SBS 2008 sites by default.

As I recal, besides centralizing all policies, it makes for quicker GPO processing and easier editing by multiple parties.

Even with a single DC site like an SBS 2008 one, we create some fairly complex OU/GPO structures depending on the client. So, having the ability to streamline processing in this manner is to our client's advantage especially first thing in the morning when everyone logs on at the same time.

Philip
0
 

Author Comment

by:resolver1
ID: 33716798
MPECSInc can you elaborate further. i dont understand why it would make process more stream line when everyone logs on in the morning.
0
 

Author Closing Comment

by:resolver1
ID: 33831818
Thanks for your time guys
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question