Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

GPMC Conundrum

Posted on 2013-12-11
12
Medium Priority
?
283 Views
Last Modified: 2013-12-12
G'Day All,

I am seeking some directional oversight.

In trying to use GP to prevent access to removable USB storage but am not meeting with success. GPMC.MSC on my Windows 2008R2 domain controller does not provide me with the many options that I am reading about, such:

Two sections in Group Policy can help you secure your hardware: Computer Configuration | Administrative Templates | System | Removable Storage Access (see Figure 1),

and Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction (see Figure 2).

when I go into the edit of a specific policy.

I suspect that something is amiss within GP Management, a config setting, templates, who knows.

Can anyone send me some thoughts on getting the various options to show up under Administrative Templates?

Thanks and best wishes.
0
Comment
Question by:Baron_Ferg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 3

Expert Comment

by:evandrotex
ID: 39711404
0
 

Author Comment

by:Baron_Ferg
ID: 39711976
Thanks for the reply but your link is referring to server 2003 and it appears quite different from Server2008R2.

Any other pointers?
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39711990
Sorry. Thats what i used a long time ago...

Have you tried to install RSAT in a Windows 7 workstation?

I can see the configs that you mencioned from gpmc.msc
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Author Comment

by:Baron_Ferg
ID: 39712137
Thanks. I have RSAT in Windows 7 workstation but the GP tree appears the same as when working directly on the server. See the screenshot from RSAT on my Win7 workstation. Thanks
ADScreenshot.jpg
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39712203
Have you upgraded from 2k3, or created a central store recently?

Check if the admx files in C:\Windows\PolicyDefinitions are stored in your central store (\\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions)

It would be better to do in a test environment. But i think these admx files are missing.

Its showing only the classic administrative templates.
0
 

Author Comment

by:Baron_Ferg
ID: 39712432
Thanks.
Long off 2k3, ages ago.

I am seeing all the admx files in C:\windows\PolicyDefinitions
but none in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions except for outlook12.admx

I am seeing lots of .adml files C:\windows\PolicyDefinitions\en-US
and also in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions\EN-US.

Please send your thoughts. Thanks.
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39712471
Since you have the central store, you should copy the admx files to domain path. But i am afraid the classic administrative templates will be gone. If you can reproduce in an test environment would be better.
0
 

Author Comment

by:Baron_Ferg
ID: 39712479
Makes sense. Thanks. Stay tuned.
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39713704
I get the admx from machine. The central store is better, because you always have the same files in all DCs.

What files are in the \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions folder?
0
 

Author Comment

by:Baron_Ferg
ID: 39713870
Nothing much.
One folder and two files.
One folder named EN-US,
outlk12.admx
removablestorage.adml
0
 
LVL 3

Accepted Solution

by:
evandrotex earned 2000 total points
ID: 39713995
I did a test in a virtual 2008 R2 DC. My admx files are retrieved from machine:



- I renamed C:\Windows\PolicyDefinitions to C:\Windows\PolicyDefinitions.old

- Created a new folder C:\Windows\PolicyDefinitions

- Created a new folder C:\Windows\PolicyDefinitions\en-us

- Ran gpmc (Nothing under administrative templates)

- copied the C:\Windows\PolicyDefinitions.old\RemovableStorage.admx to C:\Windows\PolicyDefinitions

- copied the C:\Windows\PolicyDefinitions\en-US\RemovableStorage.adml to C:\Windows\PolicyDefinitions\en-US

- ran gpmc (what we want appears, look a screenshot)


So the files need to be in the right place. (in your case \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions).

I just dont know from where these actual classic administrative templates are coming...
test-after.jpg
0
 

Author Comment

by:Baron_Ferg
ID: 39714005
Great. Thanks very much
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question