Solved

GPO's win2k3-win2k8r2

Posted on 2011-03-23
9
836 Views
Last Modified: 2012-06-21
Are there any procedures that one should go through in order to verify that GPO's created on Win2k3 will work correctly if the DC's are all upgraded to Win2k8R2?
0
Comment
Question by:Ben Hart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 12

Accepted Solution

by:
Navdeep earned 125 total points
ID: 35201592
In ideal situation they will work as expected however there are not always a ideal situation.
you need to test in the lap environment first or add a pilot dc first and then test it out
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35201790
Ahh so no tool, or wizard or something that can be used in a situation like this?
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35201837
If you have custom ADMs you want to convert you can use this converter   http://www.microsoft.com/downloads/en/details.aspx?FamilyId=0F1EEC3D-10C4-4B5F-9625-97C2F731090C&displaylang=en

but v-2 has it right they should work fine.  Once you start creating in 2008/7 try to use those boxes as your management workstation for group policy.

Thanks

Mike
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 14

Author Comment

by:Ben Hart
ID: 35207112
Hmm, I posted this question because for example yesterday I modified a new GPO on my workstation (Win7 sp1 64bit w/rsat) I opened the same GPO on the server and noticed a couple entries listed under "Extra Registry Settings" telling me "Display names for some settings cannot be found.  You might be able to resolve this issue by updating the ADM files used by Group Policy"

So with that and some free time in hand, I Googled for a while and found: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=16f69ffe-d51b-4e02-9d02-3e57f3ccd490
Updated ADMX templates for 2k8 R2 and Win7., so I installed that on one of the DC's, then followed the directions to create a Central Policy store, copied the files into the folder.  I re-opened GP Management then edited the GPO in question only to be given the same display names thing.

I guess I'm unsure of the standard procedure in managing GPOs.. is the normal way to create/edit GPO's in a 2k8 R2 domain to use the admins workstation?  Is there anything to worry about with the server not being able to read or recognize all the options in any particular GPO?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 35210531
Server 2003 will not be able to read new GPO from W2K8. Admin Workstation is used just for the security purpose. If you have win7, use rsat tools, otherwise you can manage the gpo's from server 2k8 as well.

Although you may not be able to see those from server 2003 but gpo do exist and they will get applied.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35210572
Oh no.. you misunderstand maybe.  We no longer have any Win2k3 DC's, both are 2k8 R2 and the issue I'm getting reading a GPO created by Win7 is on one of the 2k8 DC's.

Roger that about the admin workstation.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 35210588
Server 2003 will be able to read a policy created in 2008.  The problem is you won't be able to edit "new" settings that apply to 7/2008.

...but for example create a policy on a 2008 box and configure password settings.  (those have been around forever)

You can certainly open and edit that on a 2003/xp box.

What does happen when you use an older box to view the new GPO is that the ADM gets created which increases the size by 3 MB.

I'd stick to the newer machines but you can read.

Thanks

Mike
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35210606
Ok so creating GPO's using my Win7 admin workstation is totally fine, and I should not worry about the fact that there are parts of these GPO's that are apparently unreadable by a Win2k8R2 domain controller because the setting will still be applied.  Is that correct?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 35211013
Yes
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question