Solved

GPMC Conundrum

Posted on 2013-12-11
12
277 Views
Last Modified: 2013-12-12
G'Day All,

I am seeking some directional oversight.

In trying to use GP to prevent access to removable USB storage but am not meeting with success. GPMC.MSC on my Windows 2008R2 domain controller does not provide me with the many options that I am reading about, such:

Two sections in Group Policy can help you secure your hardware: Computer Configuration | Administrative Templates | System | Removable Storage Access (see Figure 1),

and Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction (see Figure 2).

when I go into the edit of a specific policy.

I suspect that something is amiss within GP Management, a config setting, templates, who knows.

Can anyone send me some thoughts on getting the various options to show up under Administrative Templates?

Thanks and best wishes.
0
Comment
Question by:Baron_Ferg
  • 6
  • 6
12 Comments
 
LVL 3

Expert Comment

by:evandrotex
ID: 39711404
0
 

Author Comment

by:Baron_Ferg
ID: 39711976
Thanks for the reply but your link is referring to server 2003 and it appears quite different from Server2008R2.

Any other pointers?
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39711990
Sorry. Thats what i used a long time ago...

Have you tried to install RSAT in a Windows 7 workstation?

I can see the configs that you mencioned from gpmc.msc
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Author Comment

by:Baron_Ferg
ID: 39712137
Thanks. I have RSAT in Windows 7 workstation but the GP tree appears the same as when working directly on the server. See the screenshot from RSAT on my Win7 workstation. Thanks
ADScreenshot.jpg
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39712203
Have you upgraded from 2k3, or created a central store recently?

Check if the admx files in C:\Windows\PolicyDefinitions are stored in your central store (\\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions)

It would be better to do in a test environment. But i think these admx files are missing.

Its showing only the classic administrative templates.
0
 

Author Comment

by:Baron_Ferg
ID: 39712432
Thanks.
Long off 2k3, ages ago.

I am seeing all the admx files in C:\windows\PolicyDefinitions
but none in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions except for outlook12.admx

I am seeing lots of .adml files C:\windows\PolicyDefinitions\en-US
and also in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions\EN-US.

Please send your thoughts. Thanks.
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39712471
Since you have the central store, you should copy the admx files to domain path. But i am afraid the classic administrative templates will be gone. If you can reproduce in an test environment would be better.
0
 

Author Comment

by:Baron_Ferg
ID: 39712479
Makes sense. Thanks. Stay tuned.
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39713704
I get the admx from machine. The central store is better, because you always have the same files in all DCs.

What files are in the \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions folder?
0
 

Author Comment

by:Baron_Ferg
ID: 39713870
Nothing much.
One folder and two files.
One folder named EN-US,
outlk12.admx
removablestorage.adml
0
 
LVL 3

Accepted Solution

by:
evandrotex earned 500 total points
ID: 39713995
I did a test in a virtual 2008 R2 DC. My admx files are retrieved from machine:



- I renamed C:\Windows\PolicyDefinitions to C:\Windows\PolicyDefinitions.old

- Created a new folder C:\Windows\PolicyDefinitions

- Created a new folder C:\Windows\PolicyDefinitions\en-us

- Ran gpmc (Nothing under administrative templates)

- copied the C:\Windows\PolicyDefinitions.old\RemovableStorage.admx to C:\Windows\PolicyDefinitions

- copied the C:\Windows\PolicyDefinitions\en-US\RemovableStorage.adml to C:\Windows\PolicyDefinitions\en-US

- ran gpmc (what we want appears, look a screenshot)


So the files need to be in the right place. (in your case \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions).

I just dont know from where these actual classic administrative templates are coming...
test-after.jpg
0
 

Author Comment

by:Baron_Ferg
ID: 39714005
Great. Thanks very much
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
An article on effective troubleshooting
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question