Solved

Windows 7 and 8 Group policies on older server

Posted on 2014-02-05
18
369 Views
Last Modified: 2014-02-15
I have a Windows SBS2003 Server. We are running Windows XP SP3 on our PCs but the time has come to move them to something newer.

I think the clients will end up being Windows 8 or possibly Windows 7. Can I control these client PCs using Group policies on this older server?

Can I somehow import some new policy files that will allow me to control these newer clients?

Or do I just need to upgrade to a newer server OS.

Any advice appreciated.

Thanks
0
Comment
Question by:roy_batty
  • 5
  • 4
  • 4
  • +3
18 Comments
 
LVL 6

Assisted Solution

by:alexgreen312
alexgreen312 earned 100 total points
ID: 39835271
Hi mate,

Well, some group policies will work and others won't, your best bet would be to install a windows 2008r2 box as a virtual machine and then configure the group policies on that. You wouldn't have to make any other changes from AD.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/846e1ccb-c9ba-474f-81ee-7106be104d39/windows-7-clients-on-2003-domain-group-policy?forum=winserverGP

There is quite a bit of information on that post so you may want to check it out. You can also use windows 7 for this.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 39835300
You can upgrade to new server OS windows 2008 r2

OR

Add another domain controller in the domain so that your schema will upgrade and increase your domain functional and forest function level to apply group policy on the windows 7 and 8 machine.
0
 
LVL 6

Expert Comment

by:alexgreen312
ID: 39835304
but the second you upgrade the schema and the DFL and FFL his windows 2003 DC is useless.

That's just an extreme solution for a relatively small issue.
0
 
LVL 1

Author Comment

by:roy_batty
ID: 39835485
I don't want to install another server, virtual or otherwise. From what I can see in the link on your post alexgreen312. I can put a windows 8 client onto the domain. Then with a bit of tinkering I can use that same client PC to create a subset of GPOs that I can apply back to this same PC and the other new Windows 8 PCs.

Is that correct?
0
 
LVL 6

Expert Comment

by:alexgreen312
ID: 39835515
Yes that's correct,

The full step by step guide is in that link so you should be able to follow that. I would however recommend you put all your computer accounts running windows7/8 into a seperate OU so you don't mess up your windows XP machines.

EDIT - Little technet document here which may assist your efforts futher.

http://technet.microsoft.com/en-us/library/cc766208%28WS.10%29.aspx
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 100 total points
ID: 39836410
Yes all you need are the RSAT tools from the windows7/8 machine logged in as a domain admin to create the Group policies
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39836578
You should be aware that support for SBS 2003 is ending in a couple of months.

This server really does need to be replaced.

I thought you made that decision a year ago though???
http://www.experts-exchange.com/Q_28012300.html

Jeff
0
 
LVL 1

Author Comment

by:roy_batty
ID: 39836593
Yes decision made but for another company. I am trying to convince them to get a new server soon. This problem is just the first step to modernizing.
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 39836601
So, you can definitely add Windows 7/8 machines to your current domain.  But to get the best management of those machines, you really need to be running a modern server.  Server 2012 Essentials is ideal for smaller environments.

Jeff
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 39836609
Regarding Group Policies specifically... all current policies will work on Windows 7/8.  But you won't be able to take advantage of newer GP options such as Group Policy Preferences, as these need at least a Server 2008 DC.

Jeff
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39836785
Many comments here are wrong. Please do a little research, people.
-Support for 2003 server ends in 2015, not 2014 which holds true for xp. More than a year to go.
-With 2008 R2, of course, you cannot manage policies for win8 (unless RSAT is used).
-Mixing different OSs in OUs is no problem at all. OU structure is not to be based on OS'. You can use groups+security filtering or wmi filters, but I would definitely not use OUs for separating OS'.
-schema upgrades will not destroy anything.
-not "some" GPOs will work but others won't. You will only have a lot more GPOs with 2012R2. The old ones will all work with next to no exemptions.

So install a server 2012 R2 now or use RSAT on 8.1.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39838072
@McKnife -- we're not talking about Server 2003 Standard support

SBS 2003 Support effectively ends this April because support for Exchange 2003 ends at that time.
http://blogs.technet.com/b/sbs/archive/2013/09/25/information-about-sbs-2003-product-support-lifecycle.aspx
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39838288
SBS 2003 ends per-component, yes. But the server component we are talking about  (AD) ends the same day as 2003 server standard and that is in 2015. Exchange 2014, yes, if he uses it.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39839987
You apparently don't have much experience with SBS.  You cannot just talk about the server component and ignore the other major parts of SBS (Exchange and SharePoint).  So, it doesn't matter that there is an additional year.

SBS2003 does not function without Exchange.  In fact, if you disable Exchange you cannot install SBS's Service Packs (different from Server 2003's SP's which also need to be installed when you install an SBS Service Pack).  

I don't mean to be difficult with this -- but you began your conversation in this thread with a statement declaring that previous comments were wrong.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39840537
Ok, if running sbs implies to have those running, they indeed have a problem pretty soon. Thanks for correcting the first "correction".
0
 
LVL 1

Author Comment

by:roy_batty
ID: 39841446
They do use Exchange on SBS2003 so they will need to upgrade their server very soon.

Hopefully they will move to Server Essentials 2012 and Offfice 365 for email and office suite and storage.

So to clarify. If I install a Windows 7 or Windows 8 PC onto the domain, as long as I install RSAT I can manage the newer gpo settings - Other than installing RSAT and obviously setting up new policies I shouldn't have many problems. I don't need to do anything suggested in this link mentioned earlier. This is just to allow me to manage the newer settings without actually upgrading the server - a bit of a hack really:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/846e1ccb-c9ba-474f-81ee-7106be104d39/windows-7-clients-on-2003-domain-group-policy?forum=winserverGP


I have just tested W7 and W8 clients on a Server 2003 domain using my vmware test environment and the PCs seems to be picking up the settings I need. Will need a little tinkering but it will do for now, until they upgrade the server.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 100 total points
ID: 39841485
With RSAT on 7, you will only see policies up to the level of win7/server 2008 R2.
With 8, you see 8/2012 and with 8.1, you see 8.1/2012 R2.
0
 
LVL 1

Author Closing Comment

by:roy_batty
ID: 39861950
Thanks for clarifying this for me and a couple of other issues too.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now