Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Group Policy Central Store???

Posted on 2010-09-13
11
1,737 Views
Last Modified: 2012-06-27
can any one tell me what a Group Policy Central Store is?  Ive been recommended to create one but not sure what one is and how to go about creating one.
0
Comment
Question by:resolver1
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 33663170
GP stores it's data in the \\Domain\SYSVOL share. This is replicateed between Domain controllers automatically for you when additional DC's are brought into the domain.
0
 
LVL 10

Accepted Solution

by:
jorlando66 earned 125 total points
ID: 33663173
These are not my words and I have provided a link for credits below...No reason to type all this when someone allready did the work :)

In earlier versions of Windows, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on a domain controller. The GPOs are stored in the SYSVOL folder. You can see this part in your own domain by navigating to \\FQDN\SYSVOL\FQDN\Policies. In that location, you’ll see a number of GUIDs, each that relates to a configured GPO. Drilling further into any particular GUID, you will find a series of files the contents of which instruct clients to process configured GPO settings.

The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 2 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased.

To overcome this problem a new feature called Group Policy Central Store was introduced with Windows Vista / Windows 2008. Rather than replicating template files into each GPO’s SYSVOL folder, a single folder is created to store them all. Group Policy Central Store are turned of by default, so to take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

1. Log on as Domain Administrator on the Windows 2008 server you use for Group Policy Management
2. Copy the folder C:\Windows\PolicyDefinitions to \\FQDN\SYSVOL\FQDN\Policies
3. Open Group Policy Management Console
4. Edit a Group Policy Object and expand the Administrative Templates node
5. Verify that the Administrative Templates are loaded from Group Policy Central Store (see picture)

http://www.xenappblog.com/2010/create-a-central-store-for-group-policy-administrative-templates/
0
 
LVL 38

Assisted Solution

by:Philip Elder
Philip Elder earned 250 total points
ID: 33663623
The CS allows for all ADM/ADMX files to be stored in one location on each DC.

Thus, making changes to GPOs no longer happens on an individual DC which is then replicated to all other DCs. The Central Store can be edited directly.

Caveat: When an OS receives a service pack (server or desktop) the CS needs to be edited from the newly service packed system to update the CS. This is not an automatic process.

See Jeremy Moskowitz and his books for more:
http://www.gpanswers.com/

Philip
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 33663763
It is mainly used to help with sysvol bloat that jorland outlined Florian has a good article here too   http://www.frickelsoft.net/blog/?p=97
I recently talked to a friend that was using some bitlocker policies and they were missing from their GPO.   Ends up those admx files were missing on the central store.   Very similar to what the DS team described here   http://blogs.technet.com/b/askds/archive/2009/12/09/windows-7-windows-server-2008-r2-and-the-group-policy-central-store.aspx
So as you can see there can be  pros and cons
Thanks
 
Mike
0
 

Author Comment

by:resolver1
ID: 33673393
ill have a read tomorrow. thanks for your replys
0
 

Author Comment

by:resolver1
ID: 33692329
If you only have one DC is there any advantage in having Group Policy Central Store?
0
 
LVL 7

Expert Comment

by:ieden
ID: 33692505
Not particularly... You should however, always backup you policies.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33693024
If you only have one DC your next project should be to get a second DC up as quickly as possible.  You are in deep water if you only have one DC and that thing dies hard.
0
 
LVL 38

Assisted Solution

by:Philip Elder
Philip Elder earned 250 total points
ID: 33693357
We do create the store at all of our SBS 2008 sites by default.

As I recal, besides centralizing all policies, it makes for quicker GPO processing and easier editing by multiple parties.

Even with a single DC site like an SBS 2008 one, we create some fairly complex OU/GPO structures depending on the client. So, having the ability to streamline processing in this manner is to our client's advantage especially first thing in the morning when everyone logs on at the same time.

Philip
0
 

Author Comment

by:resolver1
ID: 33716798
MPECSInc can you elaborate further. i dont understand why it would make process more stream line when everyone logs on in the morning.
0
 

Author Closing Comment

by:resolver1
ID: 33831818
Thanks for your time guys
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question