Solved

Group Policy Central Store and Administrative templates

Posted on 2016-08-02
3
110 Views
Last Modified: 2016-08-02
I'm looking into updating the Administrative Templates currently used in our DCs. I would like to install Windows 10 Administrative Templates.
The servers are Windows Server 2008 R2.
At the moment, the DCs are just pulling the templates locally from C:\Windows\PolicyDefinitions

Since there are multiple DCs, I'd rather not have to update this folder one by one, so I did some reading and found about the Central Store capability.
I know how to copy items to the sysvol folder and how it should work. I just want to confirm a few things before I make any change.

1. If after I create the FQDN\SYSVOL\domain\Policies folder, I leave the C:\Windows\PolicyDefinitions untouched, will the Group Policy editor ONLY read the .admx files in the sysvol folder?
So it will completely stop reading from the local PolicyDefinitions folder?

2. Is there any chance of the currently configured Group Policies breaking from this update?
Say because a certain policy was discontinued or its location changed in the 'Administrative Templates' hierarchy?
0
Comment
Question by:SeeDk
3 Comments
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 250 total points
ID: 41739499
1. Yes - The GPMC knows to look in the central store first before the local folder. Don't remove the local files.

2. No. ADMXs just allow the GPMC to know what settings are available to configure.
0
 
LVL 39

Accepted Solution

by:
Adam Brown earned 250 total points
ID: 41739500
1. If there is a Policies folder located at FQDN\SYSVOL\Domain\, GPMC will only read from that location for its Admin Templates data. Local policy requires that C:\Windows\Policydefinitions be there as well, so don't delete the files that are there. Just copy them.

2. Generally, no. The GPO data itself contains the information needed for computers to apply the policy. If there is a policy defined in a GPO that does not exist in the Administrative Templates used to build the policy editor, those settings will remain and cannot be changed (GPOs store the registry key information that is supposed to change based on the Administrative Template definitions).
0
 

Author Comment

by:SeeDk
ID: 41739841
Thank you, I will go ahead and create a store then.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question