[gptalk] Re: GPO Processing in VISTA - the whole new can of worms....no adms, now just admx files

  • From: "Mills, Mark" <Mark.Mills@xxxxxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 14 Sep 2006 17:02:01 -0500

The ADM and ADMX templates are stored in two different repositories.  My
advice - read over the short doc at
http://www.microsoft.com/technet/windowsvista/library/1494d791-72e1-484b
-a67a-22f66fbf9d17.mspx  but don't expect your policies set up for your
XP clients to work on VISTA clients (based on my own quick test) 

 

Mark Mills

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Omar Droubi
Sent: Thursday, September 14, 2006 4:54 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Processing in VISTA - the whole new can of
worms....no adms, now just admx files

 

hello Darren,

 

So does this mean that win 2k3 Sp1 supports the admx files already?

 

Will these now appear or replace the existing adm files on the DC? 

 

What if the next administrator connects from an XP SP2 box- will both
adm and admx files show up when we look at the list of administrative
templates?

 

Omar

 

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Thursday, September 14, 2006 1:59 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Processing in VISTA - the whole new can of
worms....no adms, now just admx files

Mark-

The bottom line is that you should not have to recreate any GPOs once
Vista hits. The ADMXs that ship with Vista are a super-set of the
current ADMs and support all of the XP and 2003 (and Win2K) settings in
addition to the new Vista ones. Now, in terms of things like logon
scripts, if the scripts are targeted at a particular OS version, then
you would either need to test for OS version in your script or have
separate GPOs that are filtered by OS version (or security group). But
that is not inherent in the Vista changes--that's just a function of
what you're trying to do.

 

BTW, in case anyone is interested and is planning on attending, I'm
doing a session at the upcoming WinConnections show in Vegas in November
on managing GP in a Vista world.

 

Darren

 

 

 

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Mills, Mark
Sent: Thursday, September 14, 2006 1:07 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO Processing in VISTA - the whole new can of
worms....no adms, now just admx files

My question:  Do I have to create a duplication of every Windows 2003
policy used for my WinXP Clients and place it in the new "Central Store"
used by Vista Clients for Group Policies. (The "Central Store" is a new
directory you have to manually create on your domain controller at
%systemroot%\sysvol\domain\policies\PolicyDefinitions, which also has a
subfolder "en-us)

 

I was successfully able to create the new "Central Store" and copied the
new .ADMX files over to it from my VISTA RC1 pc.  (note- Vista does not
use .ADM files) Since all VISTA clients now have the Group Policy
Management Editor installed by default I fired up GPMC.msc on my Vista
RC1 pc, at which point it automatically connects to the Primary Domain
Controller of a domain. 

 

I had created a new OU called Vista Test, with sub OU's of Vista User,
and Vista Computer.  Since most of my Win2k3 \ WinXP Group policies
would not work correctly on the VISTA pc I created a new "User -Mapped
drives- Logon script" Group Policy Object (using the same logon script
that I currently use for my  2003\XP environment)   and applied it to
the "Vista User"  OU, I then created a new "user - Assign Printers to
specific computers"  Group Policy that uses loop back processing and
applied it to the Vista Computer OU.  Now my Vista Box and its
associated user get both the mapped drives and assigned printers.

 

Bottom line is that I had to re-create 2 existing GPO's.  Do I have to
recreate all GPO's for any future Vista clients? Is there any problem
with 1)linking a GPO for mapping drives on a XP PC and also 2) linking a
GPO for mapping drives on a Vista PC...TO THE SAME OU?  Because I don't
plan on creating separate OU's exclusively for Vista pc's.

 

If you haven't heard about the changes in Vista Group Policy you may
want to review:

 

Microsoft's Step by Step Guide for Vista Group Policy: (this is a must
read! Do it now if you administer GP) 

http://www.microsoft.com/technet/windowsvista/library/1494d791-72e1-484b
-a67a-22f66fbf9d17.mspx 

 

Lab walk through of setting up Vista Group Policy
http://203.147.133.54/chass/hol/CLIHOL206.pdf 

 

 

Mark Mills

 

Other related posts: