Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Active Directory Group Policy Central Store

Posted on 2015-02-09
Medium Priority
Last Modified: 2015-04-08
Hi Guys,
I hope you are all well and can assist.
We currently run a 2003 server mixed mode domain, with 2003, 2008 and 2012 domain controllers.
What I would like to understand, is how many of you are using a group policy central store?
What are the pros and cons of using a central store?
Why switch to a central store?
Is it complicated to do?
Any help greatly appreciated.
Thank you.
Question by:Simon336697
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 11

Accepted Solution

Maclean earned 880 total points
ID: 40599741
1] You will not have as much bloat on the sysvol store. Instead of each policy replicating to each sysvol on all the DC's at approx 4mb each, creating lets say for 100 policies 400MB of "wasted" storage consumption, you could have all your bits in one centralized store using ADMX templates.

2] Domain Replication will improve, as it does not need to replicate all policies to each DC, which can be a pain on busy/slow networks

Consequence is that if you remove the Central Store, all Windows 7 & up plus Server 2008 R2 & up will loose their local ADMX files, and they won't be able to report properly to the AD,

It might be best described in this article on the subject from 2009. It describes more or less the same as I am trying to convey, but also offers an alternate suggestion.


Author Comment

ID: 40599752
HI Maclean, thanks so much mate for that overview, much appreciated.
LVL 24

Assisted Solution

VB ITS earned 760 total points
ID: 40600035
I wouldn't use a Group Policy Central store in your scenario.  While Maclean has nicely outlined the benefits of the Central Store, it's really bested suited in a scenario where all of your Domain Controllers are running the same versions of Windows Server.

In order to set up the Central Store, you need to copy over the .ADMX files from a given server into the Central Store location. The problem is if you pick to copy the .ADMX files from your 2008 DC then you won't be able to use the new GPOs introduced for Windows 8/Server 2012 to manage them.

If you copy the .ADMX files from your 2012 DCs then you won't be able to launch the Group Policy Management Console on any of your 2008 DCs, it'll just give you an error each time you launch it. You'll have to stick to modifying your Group Policies from your 2012 DCs or a Windows 8 PC with RSAT installed going forward.
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

LVL 13

Assisted Solution

Rizzle earned 360 total points
ID: 40601132
I would advise on a Central Store, but copy the policy definitions folder from your 2008 DC to Sysvol\policies

But doing it this way wont give you the GP Templates which would be used to create policies for Win 8 clients etc etc

What you could which is something we're doing is, copy the policy definitions folder from your 2008 DC to Sysvol and then any other additional ADMX templates you need (IE Office 2013 or Win8) then copy these to the policy definitions folder as well.

New Operating system templates are backwards compatible so you'll get the 2012 settings and you'll get to keep the 2008/2008 R2 settings as well.

Just to let you know in my experience it isn't enough to just have the templates In the Central store but you would need to open GPMC from a Ws2012 or Win 8 client as VB ITS stated.

Could you tell us if you have any Windows 8/8.1 clients?
LVL 24

Expert Comment

ID: 40602303
Just to let you know in my experience it isn't enough to just have the templates In the Central store but you would need to open GPMC from a Ws2012 or Win 8 client as VB ITS stated.
If you have the 2008 ADMX files in the Central Store then managing the policies from a 2012 or Windows 8 machine won't make a difference as it'll still be looking at the 2008 ADMX version in the Central Store. You'll need to replace the existing .ADMX files in the Central Store with the 2012 ADMX files in order to properly manage Server 2012 and Windows 8 machines.
LVL 11

Expert Comment

ID: 40602571
VB ITS does have a valid point. With your DC's all mixed in versions I would also have to suggest not centralizing anything until you upgraded your other two DC's to e.g 2012. But the info is there if you need it at some point.

Author Comment

ID: 40711742
Thanks guys.

Author Closing Comment

ID: 40713661
Thanks everyone.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question