Management via GPO in an Active Directory Domain

2019-02-20 18:22:35
Posted by aeadmin on Feb 20, 2019 10:22:35 AM

 

As organizations upgrade their systems and deploy Windows 10 operating systems into their enterprise domain environments, it is important to also update group policies to manage new features. This article will introduce the topic of creating a Central Store to ensure the Administrative Templates required are available across all domain controllers for a consistent management experience.

Administrative Templates (.admx) and their accompanying language files (.adml) allow system- and application-specific features to be controlled via Group Policy. Microsoft and other third-party companies (for example, Google Chrome) have templates available for their products. The link below can be used for the April 2018 Update (1803) version of Windows 10. It's important to use the templates corresponding to the edition of Windows 10 being deployed in the environment, and to note that some management features from previous versions/releases have been deprecated.

https://www.microsoft.com/en-us/download/details.aspx?id=56880

The Central Store is a folder named PolicyDefinitions that is created within the SYSVOL folder on a domain controller. The template and language files are then stored in this folder where they are referenced and loaded in the Group Policy tools.

Create a folder named PolicyDefinitions in the following location:

\\domain.com\SYSVOL\domain.com\Policies

ADMX and ADML files that apply to a specific operating system release are included with the operating system and can be found locally at this path:

C:\Windows\PolicyDefinitions

These files can be copied into the Central Store if there is an issue obtaining the files from a Microsoft website, or when features specific to the OS release are not included in a later ADMX template release.

Typically, template files are simply copied into the Central Store, and older versions of the same file are overwritten. Any files that are not included with the update stay in the Central Store and continue to function as designed.

In environments where workstations are upgraded frequently, or where a variety of Windows operating systems are deployed, it may be beneficial to create a copy of the existing template files before installing new templates, in case an issue occurs with managing features and there is a need to roll back.
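The steps above (back up the existing store, create the folder, copy the templates) can be scripted as follows. This is an added example, not part of the original post; the domain name, backup location and en-US language folder are placeholder assumptions, and the script must run under an account permitted to write to SYSVOL.

```powershell
# Added example: stage ADMX/ADML templates into the Central Store with a roll-back copy.
# All default parameter values are placeholders/assumptions; adjust for your domain.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Domain     = 'domain.com',                    # placeholder from the article
    [string]$Source     = 'C:\Windows\PolicyDefinitions',  # local templates or an extracted download
    [string]$BackupRoot = 'C:\GPO-TemplateBackups',        # hypothetical roll-back location
    [string]$Language   = 'en-US'                          # assumed language folder
)
$store = "\\$Domain\SYSVOL\$Domain\Policies\PolicyDefinitions"

# 1. Keep a timestamped copy of the existing Central Store for roll-back.
if (Test-Path -LiteralPath $store) {
    $backup = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    if ($PSCmdlet.ShouldProcess($store, "Back up to $backup")) {
        New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
        Copy-Item -LiteralPath $store -Destination $backup -Recurse
    }
}

# 2. Create the Central Store and its language subfolder if they are missing.
$langDir = Join-Path $store $Language
if ($PSCmdlet.ShouldProcess($langDir, 'Create folder')) {
    New-Item -ItemType Directory -Path $langDir -Force | Out-Null
}

# 3. Copy templates, recording which files replace an older version and which are new.
$files = @(Get-ChildItem -LiteralPath $Source -Filter '*.admx' -File) +
         @(Get-ChildItem -LiteralPath (Join-Path $Source $Language) -Filter '*.adml' -File)
$report = foreach ($f in $files) {
    $rel    = if ($f.Extension -eq '.adml') { Join-Path $Language $f.Name } else { $f.Name }
    $target = Join-Path $store $rel
    $action = if (Test-Path -LiteralPath $target) { 'Overwritten' } else { 'Added' }
    if ($PSCmdlet.ShouldProcess($target, "Copy ($action)")) {
        Copy-Item -LiteralPath $f.FullName -Destination $target -Force
    }
    [pscustomobject]@{ File = $rel; Action = $action }
}
$report | Group-Object Action | Select-Object Name, Count

# 4. List templates already in the store that this update did not touch (they stay in place).
if (Test-Path -LiteralPath $store) {
    Get-ChildItem -LiteralPath $store -Filter '*.admx' -File |
        Where-Object { $_.Name -notin $files.Name } |
        Select-Object -ExpandProperty Name
}
```

Running it with `-WhatIf` first shows which files would be overwritten without changing anything in SYSVOL.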

Getting Started:
There is a vast collection of new features to manage in Windows 10. Below is a link to Microsoft’s Group Policy settings reference guide.

https://www.microsoft.com/en-us/download/details.aspx?id=25250

The list below provides common settings to consider when deploying Windows 10 in an enterprise environment.

Microsoft Documentation and References:
https://support.microsoft.com/en-us/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra
https://blogs.technet.microsoft.com/canitpro/2015/10/20/step-by-step-managing-windows-10-with-administrative-templates/


Written and composed by Raul Perez, Microsoft Systems Engineer

Tags: Technology, Azure, cybersecurity, Microsoft, Azure AD, Windows 10
