[VISTA] Article: Getting Ready for Vista Group Policy

• From: "Jim Kenzig http://ThinHelp.com" <jkenzig@xxxxxxxxx>
• To: thin@xxxxxxxxxxxxx, vista@xxxxxxxxxxxxx, windows2000@xxxxxxxxxxxxx
• Date: Thu, 2 Nov 2006 06:40:42 -0800 (PST)

Windows Vista, the next operating system from Microsoft, is scheduled to be 
released next week on November 8th. One of the most important things that is 
different with Vista for the System Administrator is how Group Policy works. 
   
  Recently there was a good article on Vista's new Group Policy (GP) in Technet 
Magazine in the November issue written by Jeremy Moskowitz, MS GP MVP and 
webmaster of gpanswers.org. 
   
  As good as the article is, Jeremy glosses over and misses some key details of 
what you need to know to get Vista GPO working on your domain.  I had to do 
some further research and quite a bit of reading to come across how to go about 
doing this. And of course this is my whole reason for writing this article to 
share what I have learned. 
   
  First and foremost, Windows Vista now uses policy template files that end in 
the extension ADMX instead of ADM.  The ADMX file is written in XML, quite 
different than that of the text based ADM files. Vista will still read adm 
files but it is not optimal to use them.  I found an article 918239 on the 
Microsoft site on how to write a sample ADMX file for Internet Explorer.  As 
you can see it is not for the faint of heart. 
   
  There are over 800 new policies available for Windows Vista. The caveat is 
that Windows Vista Policies can be put on a Windows 2000 or 2003 server, but 
MUST be managed from a Windows Vista Machine. 
   
  In order to set up your Windows 2000/2003 Domain controller to manage Vista 
Group Policy you must set up a central store.  I found the steps to do this on 
a Microsoft page in the technet library. 
   
  Here are the steps from the above Microsfot article to creating a Central 
Store on your Domain Controller in order to use the Vista Group Policies. 
   
    The central store has to be created manually once on a domain controller. 
This domain controller can be a Windows Server 2000/2003. The File Replication 
Service (FRS) will replicate it to the other domain controllers of this domain. 
It is recommended, though, to create the central store on the primary domain 
controller. 
    
     First, you have to create the root folder of the central store:
%systemroot%\sysvol\domain\policies\PolicyDefinitions
  
     Copy all ADMX files (also the .adml folders) from the local store of your 
Vista machine to the central store. The local store can be found under 
%systemroot%\PolicyDefinitions. 

  Older versions of group policy copied all template files into a new directory 
for every policy you created. Using a central store saves bunches of disk 
space. The old GPMC created a separate uuid for each policy you created that 
could go over 5 meg for each policy. This is what makes using the new Vista 
policies beneficial and worth looking at. 
   
  There are over 800 new policies Microsoft has a spreadsheet of the policies 
as of beta 2 available on their website here. Microsoft also has created a 
guide for Managing Vista Group Policy that you can get from this link. With 
another version of it in html found here. 
   
  So as you can see the information on ADMX templates and Vista Group Policy is 
already pretty spread out and available... it is just finding it and sorting it 
all out that is the problem. The frustration comes when you go to look for some 
sort of utility to help you create your own ADMX templates with XML or edit 
existing ones.  No such utility exists and it is noted in the Technet magazine 
articel that Microsoft has no plans of releasing one.  There is the XML Notepad 
2006 utility that may be of use but that is not specifically made for editing 
policies..only XML files.  You still have know what you are doing. 
   
  If anything I hope this article gives you the additional information and 
directions of where to go to get the information you need to get you started 
using Vista Group Policy. 
   
  @Copyright Jim Kenzig
  Here are Link resources from the Article:
  Technet Magazine: More Powerful Group Policy In Windows Vista
  
http://www.microsoft.com/technet/technetmag/issues/2006/11/VistaGPO/default.aspx
   
  MSKB Aritcle 918239: How to write custom .adm and .admx administrative 
template files to provide an elevation policy for protected mode in Internet 
Explorer 7.0
  http://support.microsoft.com/kb/918239
   
  Editing Domain-Based GPOs Using ADMX Files
  
http://www.microsoft.com/technet/windowsvista/library/1494d791-72e1-484b-a67a-22f66fbf9d17.mspx
   
  Group Policy Settings Reference Windows Vista Beta 2
  
http://www.microsoft.com/downloads/details.aspx?FamilyID=7812c9cb-e6ca-4144-98ab-2d78587462c5&DisplayLang=en
   
  Managing Group Policy ADMX Files Step by Step Guide
  
http://download.microsoft.com/download/3/b/a/3ba6d659-6e39-4cd7-b3a2-9c96482f5353/Managing%20Group%20Policy%20ADMX%20Files%20Step%20by%20Step%20Guide.doc
  and
  
http://www.microsoft.com/technet/windowsvista/library/02633470-396c-4e34-971a-0c5b090dc4fd.mspx
   
  XML NotePad 2006
  
http://www.microsoft.com/downloads/details.aspx?familyid=72D6AA49-787D-4118-BA5F-4F30FE913628&displaylang=en
   
   
   
   
   


Jim Kenzig 
    Microsoft MVP - Terminal Services
  Citrix Technology Professional
  Provision Networks VIP
CEO The Kenzig Group
http://www.kenzig.com
Blog: http://www.techblink.com

    Terminal Services Downloads: http://www.thinhelp.com



   


*****************************
Windows Vista Links, list options 
and info are available at:
http://www.VistaPop.com
*****************************

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription