Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

GPMC Conundrum

Posted on 2013-12-11
12
Medium Priority
?
286 Views
Last Modified: 2013-12-12
G'Day All,

I am seeking some directional oversight.

In trying to use GP to prevent access to removable USB storage but am not meeting with success. GPMC.MSC on my Windows 2008R2 domain controller does not provide me with the many options that I am reading about, such:

Two sections in Group Policy can help you secure your hardware: Computer Configuration | Administrative Templates | System | Removable Storage Access (see Figure 1),

and Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction (see Figure 2).

when I go into the edit of a specific policy.

I suspect that something is amiss within GP Management, a config setting, templates, who knows.

Can anyone send me some thoughts on getting the various options to show up under Administrative Templates?

Thanks and best wishes.
0
Comment
Question by:Baron_Ferg
  • 6
  • 6
12 Comments
 
LVL 3

Expert Comment

by:evandrotex
ID: 39711404
0
 

Author Comment

by:Baron_Ferg
ID: 39711976
Thanks for the reply but your link is referring to server 2003 and it appears quite different from Server2008R2.

Any other pointers?
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39711990
Sorry. Thats what i used a long time ago...

Have you tried to install RSAT in a Windows 7 workstation?

I can see the configs that you mencioned from gpmc.msc
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Baron_Ferg
ID: 39712137
Thanks. I have RSAT in Windows 7 workstation but the GP tree appears the same as when working directly on the server. See the screenshot from RSAT on my Win7 workstation. Thanks
ADScreenshot.jpg
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39712203
Have you upgraded from 2k3, or created a central store recently?

Check if the admx files in C:\Windows\PolicyDefinitions are stored in your central store (\\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions)

It would be better to do in a test environment. But i think these admx files are missing.

Its showing only the classic administrative templates.
0
 

Author Comment

by:Baron_Ferg
ID: 39712432
Thanks.
Long off 2k3, ages ago.

I am seeing all the admx files in C:\windows\PolicyDefinitions
but none in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions except for outlook12.admx

I am seeing lots of .adml files C:\windows\PolicyDefinitions\en-US
and also in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions\EN-US.

Please send your thoughts. Thanks.
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39712471
Since you have the central store, you should copy the admx files to domain path. But i am afraid the classic administrative templates will be gone. If you can reproduce in an test environment would be better.
0
 

Author Comment

by:Baron_Ferg
ID: 39712479
Makes sense. Thanks. Stay tuned.
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39713704
I get the admx from machine. The central store is better, because you always have the same files in all DCs.

What files are in the \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions folder?
0
 

Author Comment

by:Baron_Ferg
ID: 39713870
Nothing much.
One folder and two files.
One folder named EN-US,
outlk12.admx
removablestorage.adml
0
 
LVL 3

Accepted Solution

by:
evandrotex earned 2000 total points
ID: 39713995
I did a test in a virtual 2008 R2 DC. My admx files are retrieved from machine:



- I renamed C:\Windows\PolicyDefinitions to C:\Windows\PolicyDefinitions.old

- Created a new folder C:\Windows\PolicyDefinitions

- Created a new folder C:\Windows\PolicyDefinitions\en-us

- Ran gpmc (Nothing under administrative templates)

- copied the C:\Windows\PolicyDefinitions.old\RemovableStorage.admx to C:\Windows\PolicyDefinitions

- copied the C:\Windows\PolicyDefinitions\en-US\RemovableStorage.adml to C:\Windows\PolicyDefinitions\en-US

- ran gpmc (what we want appears, look a screenshot)


So the files need to be in the right place. (in your case \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions).

I just dont know from where these actual classic administrative templates are coming...
test-after.jpg
0
 

Author Comment

by:Baron_Ferg
ID: 39714005
Great. Thanks very much
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
The article covers five tools all IT professionals should know about, as they up productivity by a great deal!
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question