Scenario 2: Editing Domain-Based GPOs Using ADMX Files
This scenario shows you how to edit domain-based GPOs using ADMX files.
Prerequisites for Administering Domain-Based GPOs with ADMX Files
To complete the tasks in this section, you should have at least:
- A Windows Server 2008, Windows Server 2003, or Windows 2000 domain that uses a DNS name server.
- A Windows Vista–based computer to use as an administrative workstation.
Steps for Using the Optional Central Store with Domain-Based GPOs
The central store for ADMX files allows all administrators editing domain-based GPOs to access the same set of ADMX files. If you choose not to create an ADMX central store, editing GPOs will work the same way as in Scenario 1 ("Editing the Local GPO with ADMX Files"). After the central store has been created, the Group Policy tools will use the ADMX files only in the central store, ignoring the locally stored versions. To edit GPOs using centrally stored ADMX files, complete these tasks in order.
Create the Central Store
The central store is a folder structure created in the Sysvol directory on the domain controllers in each domain in your organization. You will need to create the central store only once on a single domain controller for each domain in your organization. The File Replication service then replicates the central store to all domain controllers in a domain. Still, it is recommended that you create the central store on the primary domain controller. Group Policy Management Console and Group Policy Object Editor can use ADMX files more quickly because Group Policy tools connect to the primary domain controller by default.
The central store consists of the following:
- A root-level folder, which contains all language-neutral ADMX files.
- Subfolders, which contain the language-specific ADMX resource files.
To create the central store
Create the root folder for the central store on your domain controller:
Create a subfolder of %systemroot%\sysvol\domain\policies\PolicyDefinitions for each language your Group Policy administrators will use. Each subfolder is named after the appropriate ISO-style Language/Culture Name. For a list of ISO-style Language/Culture Names, go to the Locale Identifiers page. For example, to create a subfolder for United States English, create the subfolder:
To perform this procedure, you must be a member of the Domain Administrators group in Active Directory.
Populate the Central Store with ADMX Files
There is no user interface for populating the central store in Windows Vista. The following procedure shows how to populate the central store using command line syntax from the domain controller.
To populate the central store
Open a command window: Press the Windows logo key + R, and then type cmd.
To copy all language-neutral ADMX files (.admx) from your Windows Vista administrative workstation to the central store on your domain controller using the copy command, type:
copy %systemroot%\PolicyDefinitions\* %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\
To copy all ADMX language-specific resource files (.adml) from your Windows Vista administrative workstation to the central store on your domain controller using the copy command, type:
copy %systemroot%\PolicyDefinitions\[MUIculture]\* %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\[MUIculture]\
For example, to copy all United States English .adml files, type the following:
copy %systemroot%\PolicyDefinitions\EN-US\* %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\EN-US\
Edit the Administrative Template Policy Settings in the Domain-Based GPOs
You must perform this procedure on a Windows Vista-based computer. You will only be able to display new Windows Vista-based policy settings in GPOs with Group Policy tools using ADMX files on a Windows Vista-based computer.
To edit administrative template policy settings using ADMX files
To open Group Policy Management Console on a Windows Vista machine, press the Windows logo key + R, and then type GPMC.msc.
To create a new GPO to edit, right-click the Group Policy Objects node and select New.
Type a name for the GPO and click OK.
Expand the Group Policy Objects node.
Right-click the name of the GPO you created and click Edit.
Group Policy Object Editor automatically reads all ADMX files stored in the central store. After the central store has been created the Group Policy tools will use the ADMX files only from the central store, ignoring any ADMX files stored locally on the Windows Vista administrative machine.
ADMX files are read from the central store of the domain in which the GPO was created. Reading ADMX files from the central store may have an impact on the speed of the Group Policy tools response if the domain's domain controllers are located in a site separated by WAN links from the administration machine.
- When there is no central store, Group Policy Object Editor reads the local versions of the ADMX files used by the local GPO on your Windows Vista administrative machine.
- You can still remove and add ADM files to the GPO. There is no user interface for adding or removing ADMX files in Windows Vista. To add local ADMX files to the Group Policy editing session, copy the ADMX files to the %systemroot%\PolicyDefinitions\ folder and restart Group Policy Object Editor.
- Group Policy tools will continue to recognize custom ADM files you have in your existing environment, but will ignore any ADM file that has been superseded by ADMX files: System.adm, Inetres.adm, Conf.adm, Wmplayer.adm, and Wuau.adm. Therefore, if you have edited any of the these files to modify existing or create new policy settings, the modified or new settings will not be read or displayed by the Windows Vista–based Group Policy tools.