Solved

Group Policy Central Store and Administrative templates

Posted on 2016-08-02
3
126 Views
Last Modified: 2016-08-02
I'm looking into updating the Administrative Templates currently used in our DCs. I would like to install Windows 10 Administrative Templates.
The servers are Windows Server 2008 R2.
At the moment, the DCs are just pulling the templates locally from C:\Windows\PolicyDefinitions

Since there are multiple DCs, I'd rather not have to update this folder one by one, so I did some reading and found about the Central Store capability.
I know how to copy items to the sysvol folder and how it should work. I just want to confirm a few things before I make any change.

1. If after I create the FQDN\SYSVOL\domain\Policies folder, I leave the C:\Windows\PolicyDefinitions untouched, will the Group Policy editor ONLY read the .admx files in the sysvol folder?
So it will completely stop reading from the local PolicyDefinitions folder?

2. Is there any chance of the currently configured Group Policies breaking from this update?
Say because a certain policy was discontinued or its location changed in the 'Administrative Templates' hierarchy?
0
Comment
Question by:SeeDk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 250 total points
ID: 41739499
1. Yes - The GPMC knows to look in the central store first before the local folder. Don't remove the local files.

2. No. ADMXs just allow the GPMC to know what settings are available to configure.
0
 
LVL 40

Accepted Solution

by:
Adam Brown earned 250 total points
ID: 41739500
1. If there is a Policies folder located at FQDN\SYSVOL\Domain\, GPMC will only read from that location for its Admin Templates data. Local policy requires that C:\Windows\Policydefinitions be there as well, so don't delete the files that are there. Just copy them.

2. Generally, no. The GPO data itself contains the information needed for computers to apply the policy. If there is a policy defined in a GPO that does not exist in the Administrative Templates used to build the policy editor, those settings will remain and cannot be changed (GPOs store the registry key information that is supposed to change based on the Administrative Template definitions).
0
 

Author Comment

by:SeeDk
ID: 41739841
Thank you, I will go ahead and create a store then.
0

Featured Post

SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question