Link to home
Start Free TrialLog in
Avatar of miket71
miket71Flag for United States of America

asked on

ADM file compatibility

Hello, we have a client who would like to use USB storage restriction the way it can be set up on a Windows Server 2008 domain, except they have a Windows Server 2003 domain at this time.  Windows Server 2003 and Windows XP only use registry based USB storage restriction.  Is it possible to use Windows Server 2008 ADMX files on a Windows Server 2003 domain controller if the files are renamed to ADM from ADMX?  Thanks for any help and suggestions, Mike
Avatar of miket71
miket71
Flag of United States of America image

ASKER

We just downloaded ADML (ADMX) files from the Windows Server 2008 Administrative Templates by Microsoft, but they look much different than the ADM files for Windows Server 2003.  We are wondering if the code or syntax in an ADML file would have to be converted in order for a 2003 domain controller to understand it.
ASKER CERTIFIED SOLUTION
Avatar of Krzysztof Pytko
Krzysztof Pytko
Flag of Poland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of miket71
miket71
Flag of United States of America image

ASKER

If we convert all of the 2003 ADM files to ADMX with the migration tool, will we then be able to import an ADML file provided by 2008 to use with the converted 2003 ADMs?  We would like to ultimately use the following 2008 ADML file on the 2003 domain:

removablestorage.adml

We don't know when they will purchase a 2008 server to use in the future.  We only have XP/2003 for now.

What is the difference between ADML and ADMX?

Thanks, Mike
Avatar of Krzysztof Pytko
Krzysztof Pytko
Flag of Poland image
Yes, because you have 2008 Server which "understands" ADMX/ADML structure. Then create GPO on 2008 DC in GPMC and link it to appropriate Ou(s)

Krzysztof
Avatar of miket71
miket71
Flag of United States of America image

ASKER

Yes, but the problem is that we do not have Server 2008 right now, and we will not for the forseeable future, so with  that being said, is it possible to do what was explained in our previous post?
Avatar of Krzysztof Pytko
Krzysztof Pytko
Flag of Poland image
Nope :)

This situation allows you only to use ADM (classic) files :(

Krzysztof
Avatar of Don
Don
Flag of United States of America image
Server 2008 group policy doesnt disable USB any differently than 2003, it's the drivers that get disabled from starting up


http://support.microsoft.com/kb/555324


The ADM template in this article allows an Administrator to disable the respective drivers of these devices, ensuring that they cannot be used.
Avatar of miket71
miket71
Flag of United States of America image

ASKER

Okay thanks.  They are looking to only allow a specific brand name USB drive to read/write while denying all others.  I found a doc where that can be done once the device ID, hardware ID, and/or instance ID can be used to set it up in group policy, but that only applied to Vista/7/2008 as well.
Avatar of Krzysztof Pytko
Krzysztof Pytko
Flag of Poland image
Yes, because it is new GPO setting in 2008/7 It's not available in previous systems like 2003/XP

Krzysztof
Avatar of Don
Don
Flag of United States of America image
And any new GPO setting in 2008 you can still apply to 2003/XP with Client Side Extensions
SOLUTION
Avatar of Don
Don
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial