[gptalk] Re: GPO Processing in VISTA - the whole new can of worms....no adms, now just admx files

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 14 Sep 2006 13:59:08 -0700

The bottom line is that you should not have to recreate any GPOs once Vista
hits. The ADMXs that ship with Vista are a super-set of the current ADMs and
support all of the XP and 2003 (and Win2K) settings in addition to the new
Vista ones. Now, in terms of things like logon scripts, if the scripts are
targeted at a particular OS version, then you would either need to test for
OS version in your script or have separate GPOs that are filtered by OS
version (or security group). But that is not inherent in the Vista
changes--that's just a function of what you're trying to do.
BTW, in case anyone is interested and is planning on attending, I'm doing a
session at the upcoming WinConnections show in Vegas in November on managing
GP in a Vista world.


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mills, Mark
Sent: Thursday, September 14, 2006 1:07 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO Processing in VISTA - the whole new can of worms....no
adms, now just admx files

My question:  Do I have to create a duplication of every Windows 2003 policy
used for my WinXP Clients and place it in the new "Central Store" used by
Vista Clients for Group Policies. (The "Central Store" is a new directory
you have to manually create on your domain controller at
%systemroot%\sysvol\domain\policies\PolicyDefinitions, which also has a
subfolder "en-us)


I was successfully able to create the new "Central Store" and copied the new
.ADMX files over to it from my VISTA RC1 pc.  (note- Vista does not use .ADM
files) Since all VISTA clients now have the Group Policy Management Editor
installed by default I fired up GPMC.msc on my Vista RC1 pc, at which point
it automatically connects to the Primary Domain Controller of a domain. 


I had created a new OU called Vista Test, with sub OU's of Vista User, and
Vista Computer.  Since most of my Win2k3 \ WinXP Group policies would not
work correctly on the VISTA pc I created a new "User -Mapped drives- Logon
script" Group Policy Object (using the same logon script that I currently
use for my  2003\XP environment)   and applied it to the "Vista User"  OU, I
then created a new "user - Assign Printers to specific computers"  Group
Policy that uses loop back processing and applied it to the Vista Computer
OU.  Now my Vista Box and its associated user get both the mapped drives and
assigned printers.


Bottom line is that I had to re-create 2 existing GPO's.  Do I have to
recreate all GPO's for any future Vista clients? Is there any problem with
1)linking a GPO for mapping drives on a XP PC and also 2) linking a GPO for
mapping drives on a Vista PC.TO THE SAME OU?  Because I don't plan on
creating separate OU's exclusively for Vista pc's.


If you haven't heard about the changes in Vista Group Policy you may want to


Microsoft's Step by Step Guide for Vista Group Policy: (this is a must read!
Do it now if you administer GP) 



Lab walk through of setting up Vista Group Policy 



Mark Mills


Other related posts: