Solved

ADM file compatibility

Posted on 2011-02-17
11
1,341 Views
Last Modified: 2012-05-11
Hello, we have a client who would like to use USB storage restriction the way it can be set up on a Windows Server 2008 domain, except they have a Windows Server 2003 domain at this time.  Windows Server 2003 and Windows XP only use registry based USB storage restriction.  Is it possible to use Windows Server 2008 ADMX files on a Windows Server 2003 domain controller if the files are renamed to ADM from ADMX?  Thanks for any help and suggestions, Mike
0
Comment
Question by:miket71
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
11 Comments
 

Author Comment

by:miket71
ID: 34922930
We just downloaded ADML (ADMX) files from the Windows Server 2008 Administrative Templates by Microsoft, but they look much different than the ADM files for Windows Server 2003.  We are wondering if the code or syntax in an ADML file would have to be converted in order for a 2003 domain controller to understand it.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 125 total points
ID: 34923683
Nope, you cannot simply rename ADMX/ADML to ADM because of different structure. ADM is some kind of "script" syntax while ADMX uses XML structure. Of course you can convert ADM into ADMX using ADMX Migrator from Microsoft
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=0F1EEC3D-10C4-4B5F-9625-97C2F731090C&displaylang=en

but, few things :)

1) When you have 2008 in that domain, you can simply use GPP (Group Policy Preference) to modify registry on those clients. First, you need to install on them CSE (Client Side Extension) manually and it will work

XP CSE -> http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e60b5c8f-d7dc-4b27-a261-247ce3f6c4f8&displaylang=en

2003 CSE -> http://www.microsoft.com/downloads/en/details.aspx?FamilyID=bfe775f9-5c34-44d0-8a94-44e47db35add&
displaylang=en

or use WSUS to issue this update.

2) Create custom ADM file for that and import to 2003/2008 GPO (2008 is compatible with classic administrative templates)
Good one is here
http://www.petri.co.il/disable_writing_to_usb_disks_in_xp_sp2_with_gpo.htm

3) You can create appropriate registry files and import them as startup scripts

1 and 2 are better but 3 could be treated as workaround for those 2 if won't work

Regards,
Krzysztof
0
 

Author Comment

by:miket71
ID: 34925490
If we convert all of the 2003 ADM files to ADMX with the migration tool, will we then be able to import an ADML file provided by 2008 to use with the converted 2003 ADMs?  We would like to ultimately use the following 2008 ADML file on the 2003 domain:

removablestorage.adml

We don't know when they will purchase a 2008 server to use in the future.  We only have XP/2003 for now.

What is the difference between ADML and ADMX?

Thanks, Mike
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34925515
Yes, because you have 2008 Server which "understands" ADMX/ADML structure. Then create GPO on 2008 DC in GPMC and link it to appropriate Ou(s)

Krzysztof
0
 

Author Comment

by:miket71
ID: 34925543
Yes, but the problem is that we do not have Server 2008 right now, and we will not for the forseeable future, so with  that being said, is it possible to do what was explained in our previous post?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34925558
Nope :)

This situation allows you only to use ADM (classic) files :(

Krzysztof
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34926594
Server 2008 group policy doesnt disable USB any differently than 2003, it's the drivers that get disabled from starting up


http://support.microsoft.com/kb/555324


The ADM template in this article allows an Administrator to disable the respective drivers of these devices, ensuring that they cannot be used.
0
 

Author Comment

by:miket71
ID: 34927694
Okay thanks.  They are looking to only allow a specific brand name USB drive to read/write while denying all others.  I found a doc where that can be done once the device ID, hardware ID, and/or instance ID can be used to set it up in group policy, but that only applied to Vista/7/2008 as well.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34927743
Yes, because it is new GPO setting in 2008/7 It's not available in previous systems like 2003/XP

Krzysztof
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34927764
And any new GPO setting in 2008 you can still apply to 2003/XP with Client Side Extensions
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 125 total points
ID: 34927830
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question