none
Consolidate Templates and update to 2012

    Question

  • What I've been handed: we have four DC's - (1) 2003 (yup, a bit behind here), (1) 2008 and (2) 2012 R2 and our plan is to build some 2012 R2 DC's to replace the 2003 and 2008 DC.  They never built a central store and, over the years, seems they have built a lot of custom ADM's - and it seems from various local machines or DC's.  It doesn't seem there is any consistency in where these ADM's were stored.

    I'm planning on building a new central store now but as I don't know where all the original ADM's are located, I'm not sure how to go about making sure I have all of them to copy to the central store.  Is there a way to tell from the Group Policies themselves, what ADM (what ADM template name) the GP was created from so I can try and locate them across the various machines?

    Appreciate the help!

    Friday, May 06, 2016 9:56 PM

Answers

  • ADM files don't go into a CS - a CS only deals with ADMX/ADML.

    ADM files are the older method, which would typically be initially placed at c:\windows\inf\ and you then "add" into a policy object so you can use the settings within that ADM, and in doing so, the ADM file is copied into the policy folder on sysvol for that policy.

    That means that there will be multiple copies of the ADM files sprayed throughout sysvol.

    I'm not aware of a method to identify which ADM was used to author settings into a policy by examining the policy - but when you examine a policy via GPMC/GPME and view the RSoP, if the machine you're using GPMC upon doesn't have a template (or can't access a template) which describes/defines the settings, RSoP will show you an "extra registry settings" section and that is the indicator that you are looking at a policy for which no template could be found.

    "custom" ADMs could have been used for non-Microsoft settings/products, so be aware that you may need to consider looking at third party product updates, or, re-crafting custom ADMs into custom ADMX/ADML, or, migrating custom stuff away from classic GP over to GPP-Registry.

    There may be some utilities or methods around to help with your mission, check https://sdmsoftware.com/gpoguy/resources/ and the various GPO MVP blogs is a good place to start.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Saturday, May 07, 2016 12:04 AM
  • > way to tell from the Group Policies themselves, what ADM (what ADM
    > template name) the GP was created from so I can try and locate them
    > across the various machines?
     
    Without further configuration, all custom ADM templates are copied to
    the GPO Sysvol folder upon adding them. So you can do a simple "dir
    *.adm /s" and ignore the standard ADM templates (system, wuau, inetres,
    conf and wmplayer).
     
    As Don said, there's no link between a given setting and the ADM file
    used to implement that setting. The GP Result Report picks the first
    matching ADM file, but you can define the same setting in different ADM
    files representing different paths in the GPEdit console tree. Enabling
    one of them will - surprise - enable all of them :-)
     
    Monday, May 09, 2016 11:07 AM

All replies

  • ADM files don't go into a CS - a CS only deals with ADMX/ADML.

    ADM files are the older method, which would typically be initially placed at c:\windows\inf\ and you then "add" into a policy object so you can use the settings within that ADM, and in doing so, the ADM file is copied into the policy folder on sysvol for that policy.

    That means that there will be multiple copies of the ADM files sprayed throughout sysvol.

    I'm not aware of a method to identify which ADM was used to author settings into a policy by examining the policy - but when you examine a policy via GPMC/GPME and view the RSoP, if the machine you're using GPMC upon doesn't have a template (or can't access a template) which describes/defines the settings, RSoP will show you an "extra registry settings" section and that is the indicator that you are looking at a policy for which no template could be found.

    "custom" ADMs could have been used for non-Microsoft settings/products, so be aware that you may need to consider looking at third party product updates, or, re-crafting custom ADMs into custom ADMX/ADML, or, migrating custom stuff away from classic GP over to GPP-Registry.

    There may be some utilities or methods around to help with your mission, check https://sdmsoftware.com/gpoguy/resources/ and the various GPO MVP blogs is a good place to start.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Saturday, May 07, 2016 12:04 AM
  • Don, that helps clear up a lot and I'll look into your suggestions.

    Thanks!

    Saturday, May 07, 2016 12:56 AM
  • > way to tell from the Group Policies themselves, what ADM (what ADM
    > template name) the GP was created from so I can try and locate them
    > across the various machines?
     
    Without further configuration, all custom ADM templates are copied to
    the GPO Sysvol folder upon adding them. So you can do a simple "dir
    *.adm /s" and ignore the standard ADM templates (system, wuau, inetres,
    conf and wmplayer).
     
    As Don said, there's no link between a given setting and the ADM file
    used to implement that setting. The GP Result Report picks the first
    matching ADM file, but you can define the same setting in different ADM
    files representing different paths in the GPEdit console tree. Enabling
    one of them will - surprise - enable all of them :-)
     
    Monday, May 09, 2016 11:07 AM