Central Store for Group Policy


we have some windows 2003 and windows 2008 domain controllers in our environment. I was reading up on group policies and i stumbled across this article -


is it a good practice to move group policies to a central store if so what are the benefits and the risks? i need to configure IE 11 but don’t see that in windows 2008?

Please can someone explain in simple term about moving the policies and how it should done?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

StuartTechnical Architect - CloudCommented:
Centralising the policies means you can keep the ADMX files updated in a central location. All your administrators group policy tools will check this and make use of them.

I would highly recommend this.

To enable this create the root folder for the central store

<domain name\Sysvol\domain\policies\policydefinitions

then create a sub folder for each language eg en-us

Finally populate this folder with all the ADMX files from a windows 2012 R2 server located %systemroot%\PolicyDefinitions\En-Us for example

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
StuartTechnical Architect - CloudCommented:
https://msdn.microsoft.com/en-us/library/bb530196.aspx - review the creating a central store for further guidance
David Johnson, CD, MVPOwnerCommented:
i need to configure IE 11 but don’t see that in windows 2008
download and install https://www.microsoft.com/en-ca/download/details.aspx?id=40905
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

badabing1Author Commented:
im a little confused, so when i browse to <domain name\Sysvol\domain\policies\ i see some policies in there, what happens to these when i create a central store?

if i create a central store <domain name\Sysvol\domain\policies\policydefinitions do i copy files into this level or into this level \en-us ? what are the risks to existing policies?

in my original post link it said something about deleting adm files?
StuartTechnical Architect - CloudCommented:
You place the ADMX files into the en-us folder, don't touch any of the existing items in your policies folder these are your domains GPO's
StuartTechnical Architect - CloudCommented:
This was the link in meant to paste in :$ - https://msdn.microsoft.com/en-us/library/bb530196.aspx

Look at the create a central store piece
David Johnson, CD, MVPOwnerCommented:
You place the ADMX files into the en-us folder, don't touch any of the existing items in your policies folder these are your domains GPO'sno you place the .admx in the PolicyDefinitions folder and also copy the subfolders into the language i.e. en-us folder. these will be .adml files (overwrite as required) cd..

Policy definitions are NOT group policies but templates to create a group policy. so in the sysvol folder you will have domain\policies\policydefinitions AND your group policies identified by a GUID {12345678-12345678-1ABCDEF-2DEFGH}

Directory of C:\Windows\SYSVOL\domain\Policies

14-Sep-2015  11:07 AM    <DIR>          .
14-Sep-2015  11:07 AM    <DIR>          ..
14-Sep-2015  11:08 AM    <DIR>          PolicyDefinitions
12-Sep-2015  01:03 AM    <DIR>          {31B2F340-016D-11D2-945F-00C04FB984F9}
12-Sep-2015  03:46 PM    <DIR>          {4324B97F-9EA7-430F-AC0C-58E37E4DF514}
12-Sep-2015  01:03 AM    <DIR>          {6AC1786C-016F-11D2-945F-00C04fB984F9}
12-Sep-2015  03:49 PM    <DIR>          {A3FA7798-96B5-48DD-B4E3-1D1EC8274798}
13-Sep-2015  05:05 PM    <DIR>          {F393ED75-690C-4C4E-9766-95892CD718F5}
               0 File(s)              0 bytes

Open in new window

badabing1Author Commented:
i need to configure IE 11 but don’t see that in windows 2008
 download and install https://www.microsoft.com/en-ca/download/details.aspx?id=40905 

hi david

i cant install, access denied?
David Johnson, CD, MVPOwnerCommented:
you have to runas administrator
badabing1Author Commented:
i logged on the server as the domain administrator and also tried to run as but still same error? screen1.PNG
badabing1Author Commented:
i had to create - central store <domain name\Sysvol\domain\policies\policydefinitions and copy files in there, im not sure why i am not able to copy files to local policy folder on a server.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.