GPO's, adm, adml, admx - terminology & best practice implementation

Posted on 2012-09-21
Last Modified: 2012-09-25

I’m somewhat confused on terminology and best practises adm, adml admx, GPO’s on Windows 2008 R2.
I wanted to and implement default search provider GPO and found this link  and this

Now my questions on GPO/policies:
•      When would you use “Restore from Backup” or “Import Settings” on policy?
•      When you edit the policy, you have the “add/remove templates” section, what  is the idea behind this compared to the “Restore from Backup” or “Import Settings”?
•      I have downloaded adm-files (f.e. Office 2010), but I see at c:\windows\policydefinitions contains a lot of admx-files, what is the story here & how should I import them?
•      Why is there a registry section in GPO (GPO preferences) whereas GPO’s are actually setting registry settings?
•      What about the “Central Store” policy definitions, is this a best practice in companies, what if you don’t use it (I haven’t set it up in my lab)
•      What about tools to convert registry files to GPO

I googled around and found this but I’m not fully able to put the pieces together of ;

Please advise.
Question by:janhoedt
    LVL 17

    Expert Comment

    by:James Haywood
    Thats a lot of questions!

    1. Restore from backup: Allows you to replace a GPO with a backup (if you changed settings and caused errors)
    2. Import settings: Allows you to transfer GPO settings from one environment to another (e.g. Development system to Production)
    3. This lets you add software specific settings to your GPO (e.g. options for Office 2010, IE9)
    4. .adm files are for any version of Windows, .admx are Vista upwards, amdl files are the language files to support .admx.
    5. To allow you to set/import registry settings via GPO (rather than via logon script)
    6. If you have more than one DC then a Central Store is recommended as new .adml and .admx files you have uploaded are not replicated unless you create one.
    7. Not sure, never used one. I would export the key/s and deploy using a GPO

    Hope this helps

    Author Comment

    -“Central Store” is this a best practice in companies?
    -so admx can t be used on xp? don t understand since these are files on the dc, not on client side
    -admx, adml: can t figure out what advantage they have to adml and howto implement them correctly (don t see them when importing)
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    Change XP and Vista to XP based (WS2k3)and Vista Based (WS2K8)
    or os major version 5 and major version 6

    adm files are located in the %systemroot%\inf folder
    admx files are located in the %systemroot%\PolicyDefinitions Folder

    don't forget that gpedit.msc is available on the non-domain joined machine, same with the local policy editor they will use the appropriate ADM/ADMX depending upon the O/S Version

    the adml files are localized versions of the admx files i.e. if you had German in your regional and languages, the TEXT shown by the Group Policy Editor will be in your language rather than just in EN-US.

    When you add the files to your Central store NO settings get changed, you are just given more things that have templates for you to then change things.

    ADMX files are xml versions of the ADM files but with the added feature of localization.

    You don't import them you copy them to your central store i.e. (C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions)
    LVL 60

    Accepted Solution

    vista and 7 shd be same mentioned below

    4. The Group Policy tools will recognize ADMX files only if you are using a Windows Vista–based or Windows Server 2008–based computer.

    > Group Policy Object Editor on Windows Server 2003, Windows XP, or Windows 2000 machines will not display new Windows Vista Administrative Template policy settings that may be enabled or disabled within a GPO.

    > The Windows Vista or Windows Server 2008 versions of Group Policy Object Editor and Group Policy Management Console support interoperability with versions of these tools on Windows Server 2003, and Windows XP. For example, custom ADM files stored in GPOs will be consumed by Group Policy Object Editor and GPMC on Windows Vista, Windows Server 2008, Windows Server 2003, and Windows XP.

    6. The design of the central store and the new way that GPOs store files greatly reduces the amount of storage space required to maintain GPOs. In Windows Vista and Windows Server 2008, Group Policy Object Editor will not copy ADM files to each edited GPO, which was the case with earlier operating systems. Nor will Group Policy Object Editor copy the new ADMX files. Instead, it will provide the ability to read from a single domain-level location on the domain controller's sysvol (not user configurable). If the central store is unavailable, Group Policy Object Editor will read from the local administrative workstation.

    In addition to storing the ADMX files shipped in the operating system in the central store, you can share a custom ADMX file by copying the file to the central store. This makes it available automatically to all Group Policy administrators in a domain

    Also see this @

    ADML files are language files and are responsible for creating the folder and policy structure in the GPO editor. This allows for many languages to be supported, where ADM templates only supported English.

    7. script to convert .reg into admx or using reg2xml tool. the admx files is then used for gpo
    free -
    trial -


    There has been a change from ADM templates to ADMX/ADML files in Windows Server 2008/Vista/7. This change could have an impact on your custom ADM templates, if you are not aware of the overall big picture of the changes. Keep in mind that ADM templates are no longer used, but are instead replaced by ADMX/ADML files in the creation of the Administrative Templates nodes in the GPO editor, as well as the definition of the Registry entry that will be altered. Custom ADM templates are stored in the GUID folder of the GPO that they are associated with, regardless of the version of the OS that is performing the administration of the GPO. It is this structure and the ability of the newer OSs that provide the cohabitation of the newer files along with the custom ADM templates. Just keep in mind that the custom ADM template settings will show up under the Classic Administrative Templates (ADM) folder.

    The Central Store (also called Central Repository or Domain-Wide Repository) only makes sense in a domain environment, but it’s not used or “activated” by default. The Central Store (CS) is actually just a new directory replicated between Domain Controllers in the SYSVOL area (which is already used by Windows 2000/XP/2003 to store Group Policy Objects). There is nothing mysterious about this folder, but it helps to centrally administer the ADMX and ADML files used for policy creation and editing - and reduces the storage requirements for GPO's in the SYSVOL area.

    We either use one Central Store in the domain or the local directories on each admin client to hold ADMX/ADML files (the latter is the old approach). The two methods are mutually exclusive, either the "online" ADMX files are used or the local files. Once the Central Store is created the local ADMX/ADML files are no longer used, unless the central store for some reason is unavailable, then we fall back to the local files.

    ADM templates could be pretty annoying in situations where domain wide policies were administered from different administrative workstations. There could be language and version mismatches between the ADM files used, so when a French administrator edits the Default Domain Policy his/her language and operating system version (2000/XP/2003) will be reflected in the ADM files copied to the SYSVOL, as well as the Service Pack level of the computer.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Are end users causing IT problems again?

    You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

    We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
    This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
    This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now