Solved

GPMC Conundrum

Posted on 2013-12-11
12
281 Views
Last Modified: 2013-12-12
G'Day All,

I am seeking some directional oversight.

In trying to use GP to prevent access to removable USB storage but am not meeting with success. GPMC.MSC on my Windows 2008R2 domain controller does not provide me with the many options that I am reading about, such:

Two sections in Group Policy can help you secure your hardware: Computer Configuration | Administrative Templates | System | Removable Storage Access (see Figure 1),

and Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction (see Figure 2).

when I go into the edit of a specific policy.

I suspect that something is amiss within GP Management, a config setting, templates, who knows.

Can anyone send me some thoughts on getting the various options to show up under Administrative Templates?

Thanks and best wishes.
0
Comment
Question by:Baron_Ferg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 3

Expert Comment

by:evandrotex
ID: 39711404
0
 

Author Comment

by:Baron_Ferg
ID: 39711976
Thanks for the reply but your link is referring to server 2003 and it appears quite different from Server2008R2.

Any other pointers?
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39711990
Sorry. Thats what i used a long time ago...

Have you tried to install RSAT in a Windows 7 workstation?

I can see the configs that you mencioned from gpmc.msc
0
Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

 

Author Comment

by:Baron_Ferg
ID: 39712137
Thanks. I have RSAT in Windows 7 workstation but the GP tree appears the same as when working directly on the server. See the screenshot from RSAT on my Win7 workstation. Thanks
ADScreenshot.jpg
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39712203
Have you upgraded from 2k3, or created a central store recently?

Check if the admx files in C:\Windows\PolicyDefinitions are stored in your central store (\\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions)

It would be better to do in a test environment. But i think these admx files are missing.

Its showing only the classic administrative templates.
0
 

Author Comment

by:Baron_Ferg
ID: 39712432
Thanks.
Long off 2k3, ages ago.

I am seeing all the admx files in C:\windows\PolicyDefinitions
but none in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions except for outlook12.admx

I am seeing lots of .adml files C:\windows\PolicyDefinitions\en-US
and also in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions\EN-US.

Please send your thoughts. Thanks.
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39712471
Since you have the central store, you should copy the admx files to domain path. But i am afraid the classic administrative templates will be gone. If you can reproduce in an test environment would be better.
0
 

Author Comment

by:Baron_Ferg
ID: 39712479
Makes sense. Thanks. Stay tuned.
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39713704
I get the admx from machine. The central store is better, because you always have the same files in all DCs.

What files are in the \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions folder?
0
 

Author Comment

by:Baron_Ferg
ID: 39713870
Nothing much.
One folder and two files.
One folder named EN-US,
outlk12.admx
removablestorage.adml
0
 
LVL 3

Accepted Solution

by:
evandrotex earned 500 total points
ID: 39713995
I did a test in a virtual 2008 R2 DC. My admx files are retrieved from machine:



- I renamed C:\Windows\PolicyDefinitions to C:\Windows\PolicyDefinitions.old

- Created a new folder C:\Windows\PolicyDefinitions

- Created a new folder C:\Windows\PolicyDefinitions\en-us

- Ran gpmc (Nothing under administrative templates)

- copied the C:\Windows\PolicyDefinitions.old\RemovableStorage.admx to C:\Windows\PolicyDefinitions

- copied the C:\Windows\PolicyDefinitions\en-US\RemovableStorage.adml to C:\Windows\PolicyDefinitions\en-US

- ran gpmc (what we want appears, look a screenshot)


So the files need to be in the right place. (in your case \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions).

I just dont know from where these actual classic administrative templates are coming...
test-after.jpg
0
 

Author Comment

by:Baron_Ferg
ID: 39714005
Great. Thanks very much
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question