Solved

GPMC Conundrum

Posted on 2013-12-11
12
276 Views
Last Modified: 2013-12-12
G'Day All,

I am seeking some directional oversight.

In trying to use GP to prevent access to removable USB storage but am not meeting with success. GPMC.MSC on my Windows 2008R2 domain controller does not provide me with the many options that I am reading about, such:

Two sections in Group Policy can help you secure your hardware: Computer Configuration | Administrative Templates | System | Removable Storage Access (see Figure 1),

and Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction (see Figure 2).

when I go into the edit of a specific policy.

I suspect that something is amiss within GP Management, a config setting, templates, who knows.

Can anyone send me some thoughts on getting the various options to show up under Administrative Templates?

Thanks and best wishes.
0
Comment
Question by:Baron_Ferg
  • 6
  • 6
12 Comments
 
LVL 3

Expert Comment

by:evandrotex
ID: 39711404
0
 

Author Comment

by:Baron_Ferg
ID: 39711976
Thanks for the reply but your link is referring to server 2003 and it appears quite different from Server2008R2.

Any other pointers?
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39711990
Sorry. Thats what i used a long time ago...

Have you tried to install RSAT in a Windows 7 workstation?

I can see the configs that you mencioned from gpmc.msc
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 

Author Comment

by:Baron_Ferg
ID: 39712137
Thanks. I have RSAT in Windows 7 workstation but the GP tree appears the same as when working directly on the server. See the screenshot from RSAT on my Win7 workstation. Thanks
ADScreenshot.jpg
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39712203
Have you upgraded from 2k3, or created a central store recently?

Check if the admx files in C:\Windows\PolicyDefinitions are stored in your central store (\\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions)

It would be better to do in a test environment. But i think these admx files are missing.

Its showing only the classic administrative templates.
0
 

Author Comment

by:Baron_Ferg
ID: 39712432
Thanks.
Long off 2k3, ages ago.

I am seeing all the admx files in C:\windows\PolicyDefinitions
but none in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions except for outlook12.admx

I am seeing lots of .adml files C:\windows\PolicyDefinitions\en-US
and also in \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions\EN-US.

Please send your thoughts. Thanks.
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39712471
Since you have the central store, you should copy the admx files to domain path. But i am afraid the classic administrative templates will be gone. If you can reproduce in an test environment would be better.
0
 

Author Comment

by:Baron_Ferg
ID: 39712479
Makes sense. Thanks. Stay tuned.
0
 
LVL 3

Expert Comment

by:evandrotex
ID: 39713704
I get the admx from machine. The central store is better, because you always have the same files in all DCs.

What files are in the \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions folder?
0
 

Author Comment

by:Baron_Ferg
ID: 39713870
Nothing much.
One folder and two files.
One folder named EN-US,
outlk12.admx
removablestorage.adml
0
 
LVL 3

Accepted Solution

by:
evandrotex earned 500 total points
ID: 39713995
I did a test in a virtual 2008 R2 DC. My admx files are retrieved from machine:



- I renamed C:\Windows\PolicyDefinitions to C:\Windows\PolicyDefinitions.old

- Created a new folder C:\Windows\PolicyDefinitions

- Created a new folder C:\Windows\PolicyDefinitions\en-us

- Ran gpmc (Nothing under administrative templates)

- copied the C:\Windows\PolicyDefinitions.old\RemovableStorage.admx to C:\Windows\PolicyDefinitions

- copied the C:\Windows\PolicyDefinitions\en-US\RemovableStorage.adml to C:\Windows\PolicyDefinitions\en-US

- ran gpmc (what we want appears, look a screenshot)


So the files need to be in the right place. (in your case \\yourdomain\sysvol\yourdomain\policies\PolicyDefinitions).

I just dont know from where these actual classic administrative templates are coming...
test-after.jpg
0
 

Author Comment

by:Baron_Ferg
ID: 39714005
Great. Thanks very much
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question