Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
Group Policy not showing ADM
Hi Experts,
I am fairly new to Group Policy, and I am creating a new GPO under a test OU containing test user accounts. My Domain Controller is running on Win Server 2008 R2.
I can see that, in the Default Doman Policy, I can browse to "User Configuration > Policies > Administrative Templates: policy definitions (ADMX files) retrieved from the central store >Classic Administrative Templates
But I have created another GPO in a child OU, and I am unable to browse down to 'Classic Administrative Templates' as this option is not there.
My goal is to 'prevent users from using registry editing tools' but I am struggling to find this; and obviously don't want to set this at 'Default Domain Policy' level, as this will affect Domain Administrators.
So I suppose there are two possible solutions out there for me, either learn how to get 'Classic Administrative Templates' or if someone could tell me where to find the policy to restrict users accessing the registry editor.
Thanks
I am fairly new to Group Policy, and I am creating a new GPO under a test OU containing test user accounts. My Domain Controller is running on Win Server 2008 R2.
I can see that, in the Default Doman Policy, I can browse to "User Configuration > Policies > Administrative Templates: policy definitions (ADMX files) retrieved from the central store >Classic Administrative Templates
But I have created another GPO in a child OU, and I am unable to browse down to 'Classic Administrative Templates' as this option is not there.
My goal is to 'prevent users from using registry editing tools' but I am struggling to find this; and obviously don't want to set this at 'Default Domain Policy' level, as this will affect Domain Administrators.
So I suppose there are two possible solutions out there for me, either learn how to get 'Classic Administrative Templates' or if someone could tell me where to find the policy to restrict users accessing the registry editor.
Thanks
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
LVL 87
Guessing the users are local administrators of their machines.. standard users can't edit the registry
on DC you will need to add the templates to central store i guess. Kindly refer below link which will help you
https://technet.microsoft.com/en-us/library/cc772560.aspx
https://technet.microsoft.com/en-us/library/cc772560.aspx
Is this a new DC installation or upgraded one? Seems like it requires updating the group policy central store to the latest version of the .admx/.adml files. If you could post a screen shot of the issue, that would guide us to give you an exact solution.
To update the group policy central store with latest .admx/.adml files, refer the below link,
http://myitforum.com/myitforumwp/2012/04/12/updating-group-policy-central-store/
Zac.
To update the group policy central store with latest .admx/.adml files, refer the below link,
http://myitforum.com/myitforumwp/2012/04/12/updating-group-policy-central-store/
Zac.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
HI Zacharia Kurian,
I am new to the organisation, so I am not sure how this DC was set up, I have a feeling It is an upgrade. I have added two attachments, showing the Default Domain Policy, and a test policy I set up which is obviously different.
If a patch needs to be downloaded from Microsoft, then this has probably already been done, as we do already have policies with 'Classic Administrative Template'
I just need pointing in the right direction of how to apply these ADM files to policies, or when creating a new policies.
Apologies for the delayed response, I'm in a new role and it's busy.
Default-Domain-Policy.jpg
Test-policy.jpg
I am new to the organisation, so I am not sure how this DC was set up, I have a feeling It is an upgrade. I have added two attachments, showing the Default Domain Policy, and a test policy I set up which is obviously different.
If a patch needs to be downloaded from Microsoft, then this has probably already been done, as we do already have policies with 'Classic Administrative Template'
I just need pointing in the right direction of how to apply these ADM files to policies, or when creating a new policies.
Apologies for the delayed response, I'm in a new role and it's busy.
Default-Domain-Policy.jpg
Test-policy.jpg
Looks like you have issues with your central GPO. So follow the above link and update the polices. But always take a full backup of your GPOs + make a copy of the default domain policy and default domain controller policy too.
There is a video link in the in the posted link in my first reply. There is no harm in updating the central GPOs with the latest ones.
Zac.
There is a video link in the in the posted link in my first reply. There is no harm in updating the central GPOs with the latest ones.
Zac.
Zac,
I will give this a try tonight, after backing up GPO's and taking a snapshot of the DC - I'll update this when I've attempted
I will give this a try tonight, after backing up GPO's and taking a snapshot of the DC - I'll update this when I've attempted
zac,
I will be taking backups of the DC, but will this mess up or affect my existing GPO's?
Or will it just add the 'classic administrative templates' to the existing GPOs?
OR, will this just fix the issue for future GPO's I create?
I will be taking backups of the DC, but will this mess up or affect my existing GPO's?
Or will it just add the 'classic administrative templates' to the existing GPOs?
OR, will this just fix the issue for future GPO's I create?
It will just update your central GPO store. Your current settings wouldn't change. But to be on the safe side, make sure to take a full backup of your GPOs.
Zac.
Zac.
Hi Zac,
I have carried out this procedure to update the ADMX files and it all went along fine by the looks of it... I'm just going to log in as a normal user on Citrix to make sure everything looks to be in order
However, this has still not given me the option of 'classic administrative templates'
Any advise?
I have carried out this procedure to update the ADMX files and it all went along fine by the looks of it... I'm just going to log in as a normal user on Citrix to make sure everything looks to be in order
However, this has still not given me the option of 'classic administrative templates'
Any advise?
I did create a new GPO, and the 'administrative templates' does say that it has updated from the central store, but I cannot find 'classic administrative templates'
A bit weird. How many DCs do you have?
Could you check \\dc1\SYSVOL\domain.com\Po
and then \\domain\SYSVOL\domain.com
For the first path you should have a folder named "PolicyDefinitions" and then GPO ids of your existing GPOs at the time migration. For the second path, you should have all the .admx and in "en-US" all the adml files.
Zac.
Could you check \\dc1\SYSVOL\domain.com\Po
and then \\domain\SYSVOL\domain.com
For the first path you should have a folder named "PolicyDefinitions" and then GPO ids of your existing GPOs at the time migration. For the second path, you should have all the .admx and in "en-US" all the adml files.
Zac.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IT Administration
From novice to tech pro — start learning today.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.