[gptalk] Re: Confused about Vista Group Policies

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 14 Jun 2007 14:08:53 -0700

Answers below Jack:


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Kopenski, Jack
Sent: Thursday, June 14, 2007 1:23 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Confused about Vista Group Policies



Sometimes the light has trouble getting through to my brain, so I need some
enlightenment about how Vista Group Policies work while in a mixed (XP -
Vista) environment.  I see there is some new local vs. domain storage issues

My company is just starting to deploy some Vista machines for our developers
and I thought we might want to add some device installation restrictions.

I currently have a "master workstations settings" GPO which all existing
workstations invoke and has mostly user configuration stuff.  Now with the
new Vista settings can I simply use my Vista machine to enable the Vista
specific setting in the computer configuration section?   Or, must I create
an entirely new "Vista GPO" for this?

If you want to continue editing your GPOs from both XP and Vista machines,
then you will find it easier to manage if you create a separate GPO for
Vista-specific settings, from your Vista machine. You don't have to, but
keep in mind that any Vista-specific settings that you set on a GPO from a
Vista system will not be seen when you edit that GPO from XP/2003. That can
get confusing.

Once I update it with the Vista settings does the ADMX file get stored in
with my existing GPO, because I don't see the ADMX files on my DC now, only
on my Vista machine.   

No, the ADMX files are never stored in SYSVOL with the GPO. That's the
beauty of them. Only ADM files ever get stored in SYSVOL. That's also a good
reason to use Vista exclusively with Vista-specific GPOs. Once you edit a
Vista-created GPO with XP/2003, it wants to copy the ADMs into SYSVOL, thus
cluttering up SYSVOL after Vista did away with the problem.

If I use my XP machine to view the GPO I will not see the Vista specific
settings I configured with my Vista machine, correct?



The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

Other related posts: