20
mar
0

Add Administrative Templates to a Group Policy Object in Windows Server 2008 Domain

Overview

With Microsoft Windows Server 2008 and 2008 R2, there is a new file format for the Administrative Templates that controls and standardizes the operating system and software in Active Directory domains.

Administrative Templates for GPOs are used to set and control the registry. There are hundreds of Administrative Templates available for Windows Server in 2008. For Beta BitTorrent Sync Beta Adds File Versioning, Android App [PPA] » href= »http://www.adminreseau.fr/bittorrent-sync-beta-adds-file-versioning-android-app-ppa/ »>Adds Support For Creating And Editing Notes, More [Android] » href= »http://www.adminreseau.fr/tomdroid-0-7-beta-adds-support-for-creating-and-editing-notes-more-android/ »>more details, you can see our article: Understanding Administrative Templates in Windows Server 2008.

Test Drive: Exchange & Mobile Device Management Tool

Mailscape is an award-winning Exchange and mobile device management tool that provides monitoring, reporting and administrative capabilities in a single, affordable solution.

Installed in minutes, easy to deploy, and intuitive enough for the help desk to use, Mailscape lets you manage your entire environment in a sleek, one look dashboard.

Test Drive Mailscape Today!!

Administrative Template Types

You are not limited to the Administrative Templates that come in Windows Server 2008 by default. For example, if your environment uses Office 2010, you can download and install the Office 2010 Administrative Templates that will allow you to configure settings for almost every aspect of all of the different software components in Office 2010, from the commonly used Word and Excel, to the more specialized Visio and Project.

In earlier versions of Windows Server, the Administrative Templates had an .ADM file extension, and were Unicode-based text files. In Windows Server 2008 and 2008 R2, the Administrative Template Files In Linux [Ubuntu PPA] » href= »http://www.adminreseau.fr/wimlib-imagex-dism-alternative-to-manipulate-wim-files-in-linux-ubuntu-ppa/ »>files are XML files with an ADMX or an ADML extension. Thankfully, if you still have your Administrative Templates in the classic ADM Sync: Secure File Sync Between Computers Using P2P Technology [Public Alpha] » href= »http://www.adminreseau.fr/bittorrent-sync-secure-file-sync-between-computers-using-p2p-technology-public-alpha/ »>file type, then you can still use them. They can be installed through the use of the Group Policy Management Console, as described in our previous article, Adding New Administrative Templates to a GPO.

If you have one of the new XML-based Administrative Templates, you do not install it through the console in the same way as the classic ADM files. Instead, you only have to place the ADMX files into a location where either the Group Policy Editor (GPEDIT.MSC) or the Group Policy Management Console (gpmc.msc) can find and read it.

microsoft.com » onClick= »_gaq.push(['_trackEvent', 'AdKit ** Client 13', '2651', 'Click']); » title= »" rel= »nofollow »>

Also see » Rebuild an Entire Database Availability Group

Where To Put The ADMX Files

Will there be more than one administrator managing GPOs for your domain? If so, you should consider creating a central store for the Administrative Templates. The central store is easy to set up and keeps all of the Administrative Templates in one place, so all domain administrators have access to the same GPO Administrative Templates. A central store is not a requirement, and whether you are the only administrator or you just don’t want to create and use one, you can still install and use the ADMX/ADML files on a workstation (no XP though, you must be running at least Vista).

How To Create A Central Store

First, the central store needs a root folder to store all of the language neutral Administrative Templates. It then needs a folder created that holds each language specific Administrative Template that your domain environment will create Group Policies for.  On the PDC Emulator, create the folders like this:

Start an administrative session in PowerShell

I will be using only one language (I’ll use my language code in this example: EN-US). A full list of locales and languages are available at Microsoft‘s Locale Identifiers page.

$  codes = “EN-US”

# If you want additional language codes, create $  languageCodes as an array:
#  $  languageCodes = “EN-US”, “EN-CA”, “FR-CA”

$  path = “$  env:systemroot\sysvol\domain\policies\PolicyDefinitions”

$  codes | Foreach-Object {New-Item –Path “$  path$  _” –Itemtype directory –Force}

You do not need to create the folder on each Domain Controller. When the Domain Controllers replicate, the folders will be created on each Domain Controller. Relying on the replication is the reason to create the folder on the Domain Controller that is holding the PDC emulator role.

Now that the central store is created, you only need to place the ADMX files into the correct section of the central store (language specific templates in the appropriate template folder, and the language neutral templates in the root folder).

microsoft.com » onClick= »_gaq.push(['_trackEvent', 'AdKit ** Client 13', '2861', 'Click']); » title= »" rel= »nofollow »>

Since the presence of a central store makes the group policy editing tools (GPEDIT and GPMC) stop looking in other places for Administrative Templates, you must populate the central store after creating it.

How to Populate the Central Store with PowerShell

Without populating the central store, all of the original Administrative Templates will not be seen by your group policy editing tools. To copy over all of the existing Administrative Templates from your workstation or Domain Controller, use PowerShell:

$  local = “$  env:systemroot\PolicyDefinitions”
$  centralStore = “$  env:logonserver\sysvol\policies\PolicyDefinitions”
Copy-Item –Path “$  local\*.*” –Destination $  centralstore –Recurse

This will populate the central store with all of the policies.

How to Use Administrative Templates Without a Central Store

When you do not require a central store, you can still install the Administrative Template files directly into the Workstation that you are working with the Group Policy on.

You can save the language neutral files (those with an ADMX extension) directly into the $ env:systemroot\PolicyDefinitions folder. There will already be some policy definitions present in that folder.

Language specific files (those with an ADML file extension) will need to be put directly into the language folder that it corresponds to (such as “EN-US”).

Conclusion

When you need to expand the capabilities of Group Policy, you can find Administrative Templates provided by the vendor of the software or hardware.  The classic « ADM » files which are used in previous versions of Windows Server still work in Server 2008. Additionally, there are new XML-based Administrative Templates identifiable by their ADMX file extension (or ADML for language specific templates.)

A central store can be set up on the domain controllers, which manages all of the Administrative Templates in use within the domain. Once set up, the central store makes adding the XML Administrative Templates available to all Group Policy Administrators in the domain, and adding more is as easy as copying files into the store.

Without a central store, you will just need to copy the Administrative Templates into the systemroot\PolicyDefinitions folder, and your group policy editor will pick up the new policies.




Petri IT Knowledgebase

Windows

Enjoyed reading this post?
Subscribe to the RSS feed and have all new posts delivered straight to you.
Post your comment




Celadon theme by the Themes Boutique