Solved

Group Policy Central Store and Administrative templates

Posted on 2016-08-02
Last Modified: 2016-08-02
I'm looking into updating the Administrative Templates currently used in our DCs. I would like to install Windows 10 Administrative Templates.
The servers are Windows Server 2008 R2.
At the moment, the DCs are just pulling the templates locally from C:\Windows\PolicyDefinitions

Since there are multiple DCs, I'd rather not have to update this folder one by one, so I did some reading and found out about the Central Store capability.
I know how to copy items to the sysvol folder and how it should work. I just want to confirm a few things before I make any change.

1. If after I create the FQDN\SYSVOL\domain\Policies folder, I leave the C:\Windows\PolicyDefinitions untouched, will the Group Policy editor ONLY read the .admx files in the sysvol folder?
So it will completely stop reading from the local PolicyDefinitions folder?

2. Is there any chance of the currently configured Group Policies breaking from this update?
Say because a certain policy was discontinued or its location changed in the 'Administrative Templates' hierarchy?
Question by:SeeDk
3 Comments
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 250 total points
ID: 41739499
1. Yes - The GPMC knows to look in the central store first before the local folder. Don't remove the local files.

2. No. ADMXs just allow the GPMC to know what settings are available to configure.
0
 
LVL 41

Accepted Solution

by:Adam Brown
Adam Brown earned 250 total points
ID: 41739500
1. If there is a Policies folder located at FQDN\SYSVOL\Domain\, GPMC will only read from that location for its Admin Templates data. Local policy requires that C:\Windows\Policydefinitions be there as well, so don't delete the files that are there. Just copy them.

2. Generally, no. The GPO data itself contains the information needed for computers to apply the policy. If there is a policy defined in a GPO that does not exist in the Administrative Templates used to build the policy editor, those settings will remain and cannot be changed (GPOs store the registry key information that is supposed to change based on the Administrative Template definitions).
0
 

Author Comment

by:SeeDk
ID: 41739841
Thank you, I will go ahead and create a store then.
0
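
The copy-but-don't-delete step from the answers above, as an added PowerShell example that is not code from anyone in this thread. It assumes the Central Store lives at `\\<domain>\SYSVOL\<domain>\Policies\PolicyDefinitions` and that `$env:USERDNSDOMAIN` is the target domain; the `-Apply` switch and the `Get-AdmxNames` helper are names made up for the example.

```powershell
# Added example (not from the thread). Run it on the machine that holds the
# ADMX/ADML set you want to publish, e.g. the Windows 10 templates.
param(
    [string]$Domain = $env:USERDNSDOMAIN,   # assumption: logon domain is the target domain
    [string]$Source = (Join-Path $env:windir 'PolicyDefinitions'),
    [switch]$Apply                          # hypothetical switch: without it, report only
)

$central = "\\$Domain\SYSVOL\$Domain\Policies\PolicyDefinitions"

# Hypothetical helper: lower-cased .admx file names in a folder (empty if the folder is missing).
function Get-AdmxNames([string]$Path) {
    if (-not (Test-Path $Path)) { return @() }
    @(Get-ChildItem -Path $Path -Filter *.admx | ForEach-Object { $_.Name.ToLower() })
}

$localNames   = Get-AdmxNames $Source
$centralNames = Get-AdmxNames $central

if (Test-Path $central) {
    Write-Output "Central Store exists: $central ($($centralNames.Count) ADMX files)"
} else {
    Write-Output "No Central Store yet; the editor is reading the local PolicyDefinitions folder."
}

# Per the answers above, the editor reads the Central Store once it exists, so
# templates that sit only in the local folder stop appearing in the editor.
$onlyLocal = @($localNames | Where-Object { $centralNames -notcontains $_ })
Write-Output "ADMX files in $Source that are not in the Central Store: $($onlyLocal.Count)"
$onlyLocal | ForEach-Object { Write-Output "  $_" }

if ($Apply) {
    if (-not (Test-Path $central)) {
        New-Item -Path $central -ItemType Directory | Out-Null
    }
    # Copy, never move: the local folder must stay in place.
    # -Force overwrites same-named files, so run this from the machine with the newest templates.
    Copy-Item -Path (Join-Path $Source '*') -Destination $central -Recurse -Force
    Write-Output "Copied $Source to $central"
}
```

Run it once without `-Apply` to see what would be missing from the store, then again with `-Apply` from an account that can write to SYSVOL.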
