Solved

Windows 7 and 8 Group policies on older server

Posted on 2014-02-05
18
375 Views
Last Modified: 2014-02-15
I have a Windows SBS2003 Server. We are running Windows XP SP3 on our PCs but the time has come to move them to something newer.

I think the clients will end up being Windows 8 or possibly Windows 7. Can I control these client PCs using Group policies on this older server?

Can I somehow import some new policy files that will allow me to control these newer clients?

Or do I just need to upgrade to a newer server OS.

Any advice appreciated.

Thanks
0
Comment
Question by:roy_batty
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 4
  • +3
18 Comments
 
LVL 10

Assisted Solution

by:Alex Green
Alex Green earned 100 total points
ID: 39835271
Hi mate,

Well, some group policies will work and others won't, your best bet would be to install a windows 2008r2 box as a virtual machine and then configure the group policies on that. You wouldn't have to make any other changes from AD.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/846e1ccb-c9ba-474f-81ee-7106be104d39/windows-7-clients-on-2003-domain-group-policy?forum=winserverGP

There is quite a bit of information on that post so you may want to check it out. You can also use windows 7 for this.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 39835300
You can upgrade to new server OS windows 2008 r2

OR

Add another domain controller in the domain so that your schema will upgrade and increase your domain functional and forest function level to apply group policy on the windows 7 and 8 machine.
0
 
LVL 10

Expert Comment

by:Alex Green
ID: 39835304
but the second you upgrade the schema and the DFL and FFL his windows 2003 DC is useless.

That's just an extreme solution for a relatively small issue.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 1

Author Comment

by:roy_batty
ID: 39835485
I don't want to install another server, virtual or otherwise. From what I can see in the link on your post alexgreen312. I can put a windows 8 client onto the domain. Then with a bit of tinkering I can use that same client PC to create a subset of GPOs that I can apply back to this same PC and the other new Windows 8 PCs.

Is that correct?
0
 
LVL 10

Expert Comment

by:Alex Green
ID: 39835515
Yes that's correct,

The full step by step guide is in that link so you should be able to follow that. I would however recommend you put all your computer accounts running windows7/8 into a seperate OU so you don't mess up your windows XP machines.

EDIT - Little technet document here which may assist your efforts futher.

http://technet.microsoft.com/en-us/library/cc766208%28WS.10%29.aspx
0
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 100 total points
ID: 39836410
Yes all you need are the RSAT tools from the windows7/8 machine logged in as a domain admin to create the Group policies
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39836578
You should be aware that support for SBS 2003 is ending in a couple of months.

This server really does need to be replaced.

I thought you made that decision a year ago though???
http://www.experts-exchange.com/Q_28012300.html

Jeff
0
 
LVL 1

Author Comment

by:roy_batty
ID: 39836593
Yes decision made but for another company. I am trying to convince them to get a new server soon. This problem is just the first step to modernizing.
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 39836601
So, you can definitely add Windows 7/8 machines to your current domain.  But to get the best management of those machines, you really need to be running a modern server.  Server 2012 Essentials is ideal for smaller environments.

Jeff
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 39836609
Regarding Group Policies specifically... all current policies will work on Windows 7/8.  But you won't be able to take advantage of newer GP options such as Group Policy Preferences, as these need at least a Server 2008 DC.

Jeff
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39836785
Many comments here are wrong. Please do a little research, people.
-Support for 2003 server ends in 2015, not 2014 which holds true for xp. More than a year to go.
-With 2008 R2, of course, you cannot manage policies for win8 (unless RSAT is used).
-Mixing different OSs in OUs is no problem at all. OU structure is not to be based on OS'. You can use groups+security filtering or wmi filters, but I would definitely not use OUs for separating OS'.
-schema upgrades will not destroy anything.
-not "some" GPOs will work but others won't. You will only have a lot more GPOs with 2012R2. The old ones will all work with next to no exemptions.

So install a server 2012 R2 now or use RSAT on 8.1.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39838072
@McKnife -- we're not talking about Server 2003 Standard support

SBS 2003 Support effectively ends this April because support for Exchange 2003 ends at that time.
http://blogs.technet.com/b/sbs/archive/2013/09/25/information-about-sbs-2003-product-support-lifecycle.aspx
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39838288
SBS 2003 ends per-component, yes. But the server component we are talking about  (AD) ends the same day as 2003 server standard and that is in 2015. Exchange 2014, yes, if he uses it.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39839987
You apparently don't have much experience with SBS.  You cannot just talk about the server component and ignore the other major parts of SBS (Exchange and SharePoint).  So, it doesn't matter that there is an additional year.

SBS2003 does not function without Exchange.  In fact, if you disable Exchange you cannot install SBS's Service Packs (different from Server 2003's SP's which also need to be installed when you install an SBS Service Pack).  

I don't mean to be difficult with this -- but you began your conversation in this thread with a statement declaring that previous comments were wrong.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39840537
Ok, if running sbs implies to have those running, they indeed have a problem pretty soon. Thanks for correcting the first "correction".
0
 
LVL 1

Author Comment

by:roy_batty
ID: 39841446
They do use Exchange on SBS2003 so they will need to upgrade their server very soon.

Hopefully they will move to Server Essentials 2012 and Offfice 365 for email and office suite and storage.

So to clarify. If I install a Windows 7 or Windows 8 PC onto the domain, as long as I install RSAT I can manage the newer gpo settings - Other than installing RSAT and obviously setting up new policies I shouldn't have many problems. I don't need to do anything suggested in this link mentioned earlier. This is just to allow me to manage the newer settings without actually upgrading the server - a bit of a hack really:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/846e1ccb-c9ba-474f-81ee-7106be104d39/windows-7-clients-on-2003-domain-group-policy?forum=winserverGP


I have just tested W7 and W8 clients on a Server 2003 domain using my vmware test environment and the PCs seems to be picking up the settings I need. Will need a little tinkering but it will do for now, until they upgrade the server.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 100 total points
ID: 39841485
With RSAT on 7, you will only see policies up to the level of win7/server 2008 R2.
With 8, you see 8/2012 and with 8.1, you see 8.1/2012 R2.
0
 
LVL 1

Author Closing Comment

by:roy_batty
ID: 39861950
Thanks for clarifying this for me and a couple of other issues too.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question