locked
GPO Central Store in a DC 2008 and DC 2003 environment RRS feed

  • Question

  • Is is possible to use a central store for ADMX definitions if not all of your domain controllers are running 2008 R2. Some DCs are running Server 2003? What are the ramifications of doing this?
    GD
    Monday, April 4, 2011 4:08 PM

Answers

  • Hi Gary,

    If you don't have any custom ADM files but the standard ones, you don't have to copy any ADM file in the new Central Store. All of the settings in ADM files are in the new ADMX files, so the translation from the INF folder to the new Central Store will be smooth like velvet. Trust me on this, I've been there and did it.


    " Never panic before reboot ! "

     

    Monday, April 4, 2011 6:53 PM
  • Hi,

     

    As Voldar mentioned the .admx files in Windows Server 2008 R2 have already included the Group Policy settings for Windows XP and above operating systems. It is not necessary to copy the .adm files to Central Store.

     

    I also would like to share you the following Microsoft KB article and TechNet blog to understand Central Store:

     

    How to create a Central Store for Group Policy Administrative Templates in Window Vista

    http://support.microsoft.com/kb/929841

     

    Windows 7, Windows Server 2008 R2 and the Group Policy Central Store

    http://blogs.technet.com/b/askds/archive/2009/12/09/windows-7-windows-server-2008-r2-and-the-group-policy-central-store.aspx

    Regards,

     

    Arthur Li

     TechNet Subscriber Support  in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com . 


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by GaryDunlop Tuesday, April 5, 2011 1:31 PM
    Tuesday, April 5, 2011 2:57 AM
  • Hi Gary,

    The GPO in Sysvol folder doesn't contain any ADM files.


    " Never panic before reboot ! "
    • Marked as answer by GaryDunlop Wednesday, April 6, 2011 1:43 PM
    Wednesday, April 6, 2011 1:41 PM

All replies

  • Yes, it is possible to use a Central Store into a mixed environment (2003-2008).

    The only thing you have to remember is that from now on, you'll not be able to use Group Policies console on your Windows 2003 DC servers. You either use the Windows 2008 or Windows 7 to create/manage them.


    " Never panic before reboot ! "
    Monday, April 4, 2011 4:58 PM
  • Great - now to take that thought a step further.

    We have an existing Win 2003 domain with 2500 XP desktops spread over a head office and 4 branch locations. The existing GPOs are ADMs (of course). We are deploying Windows 7 to all desktops and want to review and update GPOs for Win7. Will we have to re-create all our exiting GPOs using the ADMX templates from Win 7 and Server 2008 R2?  I know that an ADMX Migrator exists, but have never tried it. Our current GPOs have nothing exotic in them. Has anyone used the migrator? I have not seen much in the way of guidance on what to do about existing GPOs based on ADM files. 


    GD
    Monday, April 4, 2011 6:14 PM
  • Hi Gary,

    No, you don't need to change your ADM files to ADMX. Just copy those custom ADM files you created to the PolicyDefinitions folder containing the Windows 7/Windows 2008 R2 ADMX files (in your Central Store). By default, once you created the Central Store, every policy will look for its ADM(X) files in the new location.

    P.S. Do this in the initial step. Then, you can transform one by one your ADM files to ADMX if you really want to or even better, loose those who already have a corespondent in the new ADMX files (like Favorites redirection, USB restrictions etc.).


    " Never panic before reboot ! "
    Monday, April 4, 2011 6:19 PM
  • That is good - we don't actually have any 'custom' ADMs, we just have fairly standard desktop policies controlling our XP environment. 

    But going forward for the long term I guess we should get away from those old ADM based GPOs (a few dozen) and look at converting or re-creating our current GPOs using the new ADMX templates. Most of our current desktop and user settings will not change just because we move to Win 7 be we should change the format of them to get the most benefit from ADMX.

    Thoughts?


    GD
    Monday, April 4, 2011 6:48 PM
  • Hi Gary,

    If you don't have any custom ADM files but the standard ones, you don't have to copy any ADM file in the new Central Store. All of the settings in ADM files are in the new ADMX files, so the translation from the INF folder to the new Central Store will be smooth like velvet. Trust me on this, I've been there and did it.


    " Never panic before reboot ! "

     

    Monday, April 4, 2011 6:53 PM
  • Hi,

     

    As Voldar mentioned the .admx files in Windows Server 2008 R2 have already included the Group Policy settings for Windows XP and above operating systems. It is not necessary to copy the .adm files to Central Store.

     

    I also would like to share you the following Microsoft KB article and TechNet blog to understand Central Store:

     

    How to create a Central Store for Group Policy Administrative Templates in Window Vista

    http://support.microsoft.com/kb/929841

     

    Windows 7, Windows Server 2008 R2 and the Group Policy Central Store

    http://blogs.technet.com/b/askds/archive/2009/12/09/windows-7-windows-server-2008-r2-and-the-group-policy-central-store.aspx

    Regards,

     

    Arthur Li

     TechNet Subscriber Support  in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com . 


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by GaryDunlop Tuesday, April 5, 2011 1:31 PM
    Tuesday, April 5, 2011 2:57 AM
  • Thanks - I get it

    My last part of the equation is this.  Lets say we have 50 exisitng GPOs that were created based on ADM templates.  Therefore we already have a fair amount of sysvol bloat.  How do we get rid of that? Will opening an existing GPO using ADMX templates get rid of the ADM files for that GPO in Sysvol?  Do we have to delete and recreate the GPOs to get rid of sysvol bloat?


    GD
    Tuesday, April 5, 2011 1:58 PM
  • Hi Gary,

    The GPO in Sysvol folder doesn't contain any ADM files.


    " Never panic before reboot ! "
    • Marked as answer by GaryDunlop Wednesday, April 6, 2011 1:43 PM
    Wednesday, April 6, 2011 1:41 PM