Solved

Group Policy Central Store and Administrative templates

Posted on 2016-08-02
Last Modified: 2016-08-02
I'm looking into updating the Administrative Templates currently used in our DCs. I would like to install Windows 10 Administrative Templates.
The servers are Windows Server 2008 R2.
At the moment, the DCs are just pulling the templates locally from C:\Windows\PolicyDefinitions

Since there are multiple DCs, I'd rather not have to update this folder one by one, so I did some reading and found out about the Central Store capability.
I know how to copy items to the sysvol folder and how it should work. I just want to confirm a few things before I make any change.

1. If after I create the FQDN\SYSVOL\domain\Policies folder, I leave the C:\Windows\PolicyDefinitions untouched, will the Group Policy editor ONLY read the .admx files in the sysvol folder?
So it will completely stop reading from the local PolicyDefinitions folder?

2. Is there any chance of the currently configured Group Policies breaking from this update?
Say because a certain policy was discontinued or its location changed in the 'Administrative Templates' hierarchy?
0
Question by:SeeDk
3 Comments
 

Assisted Solution

by:Joseph Moody
Joseph Moody earned 1000 total points
ID: 41739499
1. Yes - The GPMC knows to look in the central store first before the local folder. Don't remove the local files.

2. No. ADMXs just allow the GPMC to know what settings are available to configure.
0
 

Accepted Solution

by:Adam Brown
Adam Brown earned 1000 total points
ID: 41739500
1. If there is a Policies folder located at FQDN\SYSVOL\Domain\, GPMC will only read from that location for its Admin Templates data. Local policy requires that C:\Windows\Policydefinitions be there as well, so don't delete the files that are there. Just copy them.

2. Generally, no. The GPO data itself contains the information needed for computers to apply the policy. If there is a policy defined in a GPO that does not exist in the Administrative Templates used to build the policy editor, those settings will remain and cannot be changed (GPOs store the registry key information that is supposed to change based on the Administrative Template definitions).
0
 

Author Comment

by:SeeDk
ID: 41739841
Thank you, I will go ahead and create a store then.
0
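
A pre-flight check for the change discussed in this thread, as an added example that is not part of any post above: because GPMC stops reading the local folder once the store exists, it lists templates that exist only locally and templates lacking a language file before anything is copied. The source path, the `en-US` language folder and the `-Commit` switch are assumptions; the store path used is `\\<domain>\SYSVOL\<domain>\Policies\PolicyDefinitions`.

```powershell
# Added example: report template gaps, then optionally populate the Central Store.
# Assumptions (not from the thread): $NewTemplates is an extracted Windows 10
# PolicyDefinitions folder; en-US is the language folder in use.
param(
    [string]$NewTemplates = 'C:\Temp\Win10-PolicyDefinitions',  # hypothetical path
    [string]$LocalStore   = "$env:SystemRoot\PolicyDefinitions",
    [string]$Domain       = $env:USERDNSDOMAIN,
    [string]$Language     = 'en-US',
    [switch]$Commit       # without this switch the script only reports
)

$central = "\\$Domain\SYSVOL\$Domain\Policies\PolicyDefinitions"

function Get-AdmxNames([string]$Path) {
    # Base names of the .admx files directly under $Path
    @(Get-ChildItem -Path $Path -Filter '*.admx' | ForEach-Object { $_.BaseName })
}

$new   = Get-AdmxNames $NewTemplates
$local = Get-AdmxNames $LocalStore

# Templates the editor shows today that the new set does not contain
# (for example vendor ADMX files added to one DC by hand).
$localOnly = @($local | Where-Object { $new -notcontains $_ })

# An .admx without its .adml language file cannot be displayed by the editor.
$noAdml = @($new | Where-Object {
    -not (Test-Path (Join-Path $NewTemplates "$Language\$_.adml")) })

"Central store target   : $central"
"Templates in new set   : $($new.Count)"
"Local-only templates   : $($localOnly -join ', ')"
"Missing $Language ADML     : $($noAdml -join ', ')"

if ($Commit) {
    $langDir = Join-Path $central $Language
    New-Item -ItemType Directory -Path $langDir -Force | Out-Null

    # New templates first; the local PolicyDefinitions folder is left untouched.
    Copy-Item -Path (Join-Path $NewTemplates '*') -Destination $central -Recurse -Force

    # Carry forward local-only templates so their settings stay editable.
    foreach ($name in $localOnly) {
        Copy-Item (Join-Path $LocalStore "$name.admx") $central
        $adml = Join-Path $LocalStore "$Language\$name.adml"
        if (Test-Path $adml) { Copy-Item $adml $langDir }
    }
}
```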
