Friday, July 29, 2011

Managing Group Policy for Windows 7

Once Windows 7 is deployed in your environment, you also need to manage it. For that, new Group Policy templates are available, which can be downloaded from the following location:
Administrative Templates (ADMX) for Windows Server 2008 R2 and Windows 7
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=6243 

New in Windows 7 is that Administrative Templates are in ADMX format. In earlier releases they were in ADM format only, and it was possible to import them with Add/Remove Templates. Because Administrative Templates are now in ADMX format only, this no longer works. In this blog post I will explain how to use them.

Just download the MSI file from the above link and install it. The default install location is "C:\Program Files\Microsoft Group Policy\win72008r2\", which is just fine. After installation, the PolicyDefinitions folder contains 55 language folders with ADML files (language-specific) and 160 ADMX files (language-neutral). Because they cannot be imported with Add/Remove Templates, additional steps are needed.


To ensure that the new ADMX and ADML files are propagated throughout the domain, on the computer on which you downloaded the new ADMX and ADML files, copy the new PolicyDefinitions directory to the appropriate location under SYSVOL on the appropriate domain controller. Doing so will ensure that all language-specific subdirectories are also copied to SYSVOL.

This can also be found in the following TechNet post:
How to create a Central Store for Group Policy Administrative Templates in Windows Vista/7

http://support.microsoft.com/kb/929841

It mentions: To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location:
\\FQDN\SYSVOL\FQDN\policies
Copy all files from the PolicyDefinitions folder on a Windows Vista/7-based client computer to the PolicyDefinitions folder on the domain controller.
Important: Updates to SYSVOL are replicated to all domain controllers in the domain, which results in increased network traffic and load placed on the domain controllers. Therefore, to minimize the impact of this operation in your domain, schedule the copying of updated ADMX and ADML files to SYSVOL outside core business hours.


After that it's possible that the following error message is displayed:
Administrative Templates
Encountered an error while parsing.
Expected one of the following possible elements(s), <test>, <decimalTestBox>, <testBox>, <checkBox>, <comboBox>, <dropdownList>, <listBox>, but found <multiTextBox> instead.
File
\\mydomain\SysVol\mydomain...\terminalserver-Server.adml,
line 198, column 60

If the error points to a parsing problem in a particular ADMX/ADML file, you can simply remove that file from the PolicyDefinitions folder. For example, the terminalserver-Server.adml file is specific to Server 2008 R2 and you probably don't need it for now.
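
The copy to the Central Store and the exclusion of a problem file, as an added PowerShell example that is not part of the original post. It assumes the target domain is the current user's logon domain ($env:USERDNSDOMAIN) and treats any ADML file containing <multiTextBox> as one that would trigger the error shown above; it goes slightly beyond the post by also skipping the matching ADMX file, because a template without its language file produces a different console error.

```powershell
# Added example (not from the original post). Run on the computer where the
# MSI was installed, with an account that may write to SYSVOL.
param(
    # Install location given in the post.
    [string]$Source = 'C:\Program Files\Microsoft Group Policy\win72008r2\PolicyDefinitions',
    # Assumption: the logon domain of the current user is the target domain.
    [string]$Fqdn = $env:USERDNSDOMAIN,
    # Without -Apply the script only reports what it would do.
    [switch]$Apply
)

$Source = (Resolve-Path $Source).Path.TrimEnd('\')
$store  = "\\$Fqdn\SYSVOL\$Fqdn\policies\PolicyDefinitions"

# Base names of ADML files that contain the element named in the parse error.
$flagged = @(Get-ChildItem -Path $Source -Recurse -Filter *.adml |
    Select-String -Pattern '<multiTextBox' -SimpleMatch -List |
    ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_.Path) } |
    Sort-Object -Unique)

foreach ($name in $flagged) {
    Write-Warning "Skipping $name (.admx and all .adml): contains <multiTextBox>"
}

$copied = 0
Get-ChildItem -Path $Source -Recurse |
    Where-Object { -not $_.PSIsContainer -and ($flagged -notcontains $_.BaseName) } |
    ForEach-Object {
        # Keep the language sub-folder (en-US, de-DE, ...) in the target path.
        $target = Join-Path $store $_.FullName.Substring($Source.Length + 1)
        if ($Apply) {
            $dir = Split-Path $target -Parent
            if (-not (Test-Path $dir)) {
                New-Item -ItemType Directory -Path $dir -Force | Out-Null
            }
            Copy-Item -LiteralPath $_.FullName -Destination $target -Force
        }
        $copied++
    }

$verb = if ($Apply) { 'Copied' } else { 'Would copy' }
Write-Output "$verb $copied files to $store; skipped $($flagged.Count) template(s)."
```

Run it once without -Apply to review the skip list, then with -Apply outside core business hours, as the KB article recommends.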

After these steps you can manage Windows 7 with Group Policy. There are 160 different ADMX files, each covering a specific part of Windows, so have a look through them to see all the possibilities.

3 comments:

  1. Thanks very useful

  2. Yours was the only fix that worked since trying to manage IE11 with 2008r2 and 2012Sp1 servers. Thank you!
