Solved

Group Policy Central Store and Administrative templates

Posted on 2016-08-02
3
119 Views
Last Modified: 2016-08-02
I'm looking into updating the Administrative Templates currently used in our DCs. I would like to install Windows 10 Administrative Templates.
The servers are Windows Server 2008 R2.
At the moment, the DCs are just pulling the templates locally from C:\Windows\PolicyDefinitions

Since there are multiple DCs, I'd rather not have to update this folder one by one, so I did some reading and found about the Central Store capability.
I know how to copy items to the sysvol folder and how it should work. I just want to confirm a few things before I make any change.

1. If after I create the FQDN\SYSVOL\domain\Policies folder, I leave the C:\Windows\PolicyDefinitions untouched, will the Group Policy editor ONLY read the .admx files in the sysvol folder?
So it will completely stop reading from the local PolicyDefinitions folder?

2. Is there any chance of the currently configured Group Policies breaking from this update?
Say because a certain policy was discontinued or its location changed in the 'Administrative Templates' hierarchy?
0
Comment
Question by:SeeDk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 250 total points
ID: 41739499
1. Yes - The GPMC knows to look in the central store first before the local folder. Don't remove the local files.

2. No. ADMXs just allow the GPMC to know what settings are available to configure.
0
 
LVL 40

Accepted Solution

by:
Adam Brown earned 250 total points
ID: 41739500
1. If there is a Policies folder located at FQDN\SYSVOL\Domain\, GPMC will only read from that location for its Admin Templates data. Local policy requires that C:\Windows\Policydefinitions be there as well, so don't delete the files that are there. Just copy them.

2. Generally, no. The GPO data itself contains the information needed for computers to apply the policy. If there is a policy defined in a GPO that does not exist in the Administrative Templates used to build the policy editor, those settings will remain and cannot be changed (GPOs store the registry key information that is supposed to change based on the Administrative Template definitions).
0
 

Author Comment

by:SeeDk
ID: 41739841
Thank you, I will go ahead and create a store then.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Optimized for private cloud infrastructures and datacenters, Nano Server is minimalistic, yet super-efficient, OS for services such as Hyper-V and Hyper-V cluster. Learn how you can easily deploy Nano Server and unlock its power!
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question