locked
Group Polices and other resources RRS feed

  • General discussion

  •  Here is a group of resources for you on Vista and group policies and the new ADMX structure.

    ------------------------------------------ 

     

    Windows Vista Security Guide

    Brief Description

    The Windows Vista Security Guide provides recommendations and tools to further harden Windows Vista. Use the GPOAccelerator tool in this Solution Accelerator to efficiently establish the Enterprise Client (EC) environment or the Specialized Security – Limited Functionality (SSLF) environment.

    http://www.microsoft.com/downloads/details.aspx?FamilyID=a3d1bbed-7f35-4e72-bfb5-b84a526c1565&DisplayLang=en

     

    Deploying Group Policy Using Windows Vista

     

    Some situations require an understanding of how ADMX files are structured and the location where they are stored. The Group Policy tools included with Windows Vista or Windows Server "Longhorn" will recognize both ADMX and ADM files. The Group Policy tools included with Windows Server 2003 and earlier versions of Windows will recognize only ADM files.

    Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, you can optionally create a central store location of ADMX files that is accessible to anyone with permission to create or edit GPOs. Group Policy tools will continue to recognize custom ADM files associated with existing GPOs, but will ignore any ADM file that has been superseded by ADMX files: System.adm, Inetres.adm, Conf.adm, Wmplayer.adm, and Wuau.adm.

    Group Policy Object Editor automatically reads and displays Administrative Template policy settings based on ADMX files that are stored either locally or in the optional ADMX central store. Group Policy Object Editor will automatically display Administrative Template policy settings defined in custom ADM files stored in the GPO. You can still add or remove custom ADM files to a GPO with the Add/Remove template menu option. All Group Policy settings currently in ADM files delivered by Windows Server 2003, Windows XP, and Windows 2000 will also be available in Windows Vista and Windows Server "Longhorn" ADMX files.

     

    http://technet2.microsoft.com/WindowsVista/en/library/5ae8da2a-878e-48db-a3c1-4be6ac7cf7631033.mspx?mfr=true

    -----------------------------------------------------------------------------------

    Group Policy Settings Reference Windows Vista

    Brief Description

    This spreadsheet lists the policy settings for computer and user configurations included in the administrative template files (admx/adml) delivered with Windows Vista (RTM build 6000).

    http://www.microsoft.com/downloads/details.aspx?FamilyID=41dc179b-3328-4350-ade1-c0d9289f09ef&DisplayLang=en

    ----------------------------------------------------

    Step-by-Step Guide to Managing Multiple Local Group Policy Objects

    http://technet2.microsoft.com/WindowsVista/en/library/9c7ecc7d-8784-4b8d-ba1f-ba1882ba83741033.mspx?mfr=true

    -------------------------------------------------

    ADMX Technology Review

    Administrative Template files contain markup language that is used to describe registry-based Group Policy. First released in Windows NT 4, Administrative Template files used a unique file format known as ADM files. In Windows Vista, these files are replaced by an XML-based file format known as ADMX files. These new Administrative Template files make it easier to manage registry-based policy settings in Windows Vista and Windows Server "Longhorn".

    In Windows Vista, ADMX files are divided into language-neutral (.admx files) and language-specific resources (.adml files), available to all Group Policy administrators. These factors allow Group Policy tools to adjust their UI according to the administrator's configured language. Adding a new language to a set of policy definitions is achieved by ensuring that the language-specific resource file is available.

    --------------------------------------

    Managing Group Policy ADMX Files Step-by-Step Guide

    http://www.microsoft.com/technet/windowsvista/library/02633470-396c-4e34-971a-0c5b090dc4fd.mspx

    ----------------------------------------

    ADMX Migrator

    Brief Description

    The ADMX Migrator is a snap-in for the Microsoft Management Console (MMC) that simplifies the process of converting your existing Group Policy ADM Templates to the new ADMX format and provides a graphical user interface for creating and editing Administrative Templates.

    http://www.microsoft.com/downloads/details.aspx?familyid=0F1EEC3D-10C4-4B5F-9625-97C2F731090C&displaylang=en

    -------------
    Friday, December 8, 2006 1:54 PM

All replies

  • I installed the Windows Vista Security Guide and imported the default security settings, which enabled UAC, disabled the admin account, set the password minimal length restrictions policies, basically broke down my system. The funny thing was that I disabled all the necessary services UAC requires to run. I didn't need them, because I disabled UAC. But the security guard re-enabled it with rather unpleasant consequences. I couldn't get access to the registry, any MMC snap-ins, nothing. UAC would kick in, but because the services it needed to run were disabled, it couldn't even ask me for permission. An eternal loop and a devil's circle - without access to gpedit, secpol or the registry I couldn't re-enable the services or disable UAC, and UAC didn't give me access to these tools. Finally I booted to safe mode and disabled UAC there. The admin account was disabled by that time, but strangely enough, my own admin account was still working. Thank god my account was granted admin rights. It is a riddle to me though, why it wasn't disabled either, because my own account doesn't require a password either.

    Microsoft tries to make the system more secure, but this example just shows that UAC is worse than a virus, it breaks the system completely. A virus may damage system files, preventing them from working. But UAC does exactly the same, it refuses access to files, so the system is still operational, but the user does not have access to it.

    Saturday, March 24, 2007 9:15 PM
  •  JAYTF Security Forum Moderator wrote:

     Here is a group of resources for you on Vista and group policies and the new ADMX structure.

    ------------------------------------------ 

     

    Windows Vista Security Guide

    Brief Description

    The Windows Vista Security Guide provides recommendations and tools to further harden Windows Vista. Use the GPOAccelerator tool in this Solution Accelerator to efficiently establish the Enterprise Client (EC) environment or the Specialized Security – Limited Functionality (SSLF) environment.

    http://www.microsoft.com/downloads/details.aspx?FamilyID=a3d1bbed-7f35-4e72-bfb5-b84a526c1565&DisplayLang=en

     

    Deploying Group Policy Using Windows Vista

     

    Some situations require an understanding of how ADMX files are structured and the location where they are stored. The Group Policy tools included with Windows Vista or Windows Server "Longhorn" will recognize both ADMX and ADM files. The Group Policy tools included with Windows Server 2003 and earlier versions of Windows will recognize only ADM files.

    Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, you can optionally create a central store location of ADMX files that is accessible to anyone with permission to create or edit GPOs. Group Policy tools will continue to recognize custom ADM files associated with existing GPOs, but will ignore any ADM file that has been superseded by ADMX files: System.adm, Inetres.adm, Conf.adm, Wmplayer.adm, and Wuau.adm.

    Group Policy Object Editor automatically reads and displays Administrative Template policy settings based on ADMX files that are stored either locally or in the optional ADMX central store. Group Policy Object Editor will automatically display Administrative Template policy settings defined in custom ADM files stored in the GPO. You can still add or remove custom ADM files to a GPO with the Add/Remove template menu option. All Group Policy settings currently in ADM files delivered by Windows Server 2003, Windows XP, and Windows 2000 will also be available in Windows Vista and Windows Server "Longhorn" ADMX files.

     

    http://technet2.microsoft.com/WindowsVista/en/library/5ae8da2a-878e-48db-a3c1-4be6ac7cf7631033.mspx?mfr=true

    -----------------------------------------------------------------------------------

    Group Policy Settings Reference Windows Vista

    Brief Description

    This spreadsheet lists the policy settings for computer and user configurations included in the administrative template files (admx/adml) delivered with Windows Vista (RTM build 6000).

    http://www.microsoft.com/downloads/details.aspx?FamilyID=41dc179b-3328-4350-ade1-c0d9289f09ef&DisplayLang=en

    ----------------------------------------------------

    Step-by-Step Guide to Managing Multiple Local Group Policy Objects

    http://technet2.microsoft.com/WindowsVista/en/library/9c7ecc7d-8784-4b8d-ba1f-ba1882ba83741033.mspx?mfr=true

    -------------------------------------------------

    ADMX Technology Review

    Administrative Template files contain markup language that is used to describe registry-based Group Policy. First released in Windows NT 4, Administrative Template files used a unique file format known as ADM files. In Windows Vista, these files are replaced by an XML-based file format known as ADMX files. These new Administrative Template files make it easier to manage registry-based policy settings in Windows Vista and Windows Server "Longhorn".

    In Windows Vista, ADMX files are divided into language-neutral (.admx files) and language-specific resources (.adml files), available to all Group Policy administrators. These factors allow Group Policy tools to adjust their UI according to the administrator's configured language. Adding a new language to a set of policy definitions is achieved by ensuring that the language-specific resource file is available.

    --------------------------------------

    Managing Group Policy ADMX Files Step-by-Step Guide

    http://www.microsoft.com/technet/windowsvista/library/02633470-396c-4e34-971a-0c5b090dc4fd.mspx

    ----------------------------------------

    ADMX Migrator

    Brief Description

    The ADMX Migrator is a snap-in for the Microsoft Management Console (MMC) that simplifies the process of converting your existing Group Policy ADM Templates to the new ADMX format and provides a graphical user interface for creating and editing Administrative Templates.

    http://www.microsoft.com/downloads/details.aspx?familyid=0F1EEC3D-10C4-4B5F-9625-97C2F731090C&displaylang=en

    -------------

    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    http://forums.microsoft.com/TechNet/showpost.aspx?postid=3917180&siteid=17
    Wednesday, October 1, 2008 6:54 PM
  • HI, Due to some technical difficulties, I had to reinstall my Windows Vista Business, now I can't change my Appearance Settings, I get the following message "Your system Administrator has disabled launching of the Display Settings Control Panel" I am the system administrtor, please help! the Windows Vista Basic theme is so plain and it deffinetly doesn't go with my lap top's personality.

    I'm looking for step by step  instructions on how to solve this please consider I'm a regular windows user when you provide the solution, many of the terms posted here I can't really understand... PLEASE HELP!

     

    Thank you in advance.

     

    Gilviz

    Thursday, December 4, 2008 3:55 PM
  • And, don't forget the TechNet Group Policy fundamentals webcasts.
    Friday, February 13, 2009 10:57 PM
  • yeah i got the same exact problem but with se7en, http://social.answers.microsoft.com/Forums/en-US/w7desktop/thread/6eb383c7-5616-4a7d-b59b-720d0d538639
    Saturday, January 2, 2010 11:20 PM