[OPLINTECH] Article: Getting Ready for Windows Vista Group Policy
JKENZIG
JKENZIG at cuyahogalibrary.org
Thu Nov 2 10:04:56 EST 2006
Hi All,
I wrote this article last evening and I thought I would pass along to
the group. Hope those of you who do system administration might find
this helpful.
Jim
Windows Vista, the next operating system from Microsoft, is scheduled to
be released next week on November 8th. One of the most important things
that is different with Vista for the System Administrator is how Group
Policy works.
Recently there was a good article on Vista's new Group Policy (GP) in
Technet Magazine in the November issue written by Jeremy Moskowitz, MS
GP MVP and webmaster of gpanswers.org
<http://www.microsoft.com/technet/technetmag/issues/2006/11/VistaGPO/def
ault.aspx> .
As good as the article is, Jeremy glosses over and misses some key
details of what you need to know to get Vista GPO working on your
domain. I had to do some further research and quite a bit of reading to
come across how to go about doing this. And of course this is my whole
reason for writing this article to share what I have learned.
First and foremost, Windows Vista now uses policy template files that
end in the extension ADMX instead of ADM. The ADMX file is written in
XML, quite different than that of the text based ADM files. Vista will
still read adm files but it is not optimal to use them. I found an
article 918239 on the Microsoft site
<http://support.microsoft.com/kb/918239> on how to write a sample ADMX
file for Internet Explorer. As you can see it is not for the faint of
heart.
There are over 800 new policies available for Windows Vista. The caveat
is that Windows Vista Policies can be put on a Windows 2000 or 2003
server, but MUST be managed from a Windows Vista Machine.
In order to set up your Windows 2000/2003 Domain controller to manage
Vista Group Policy you must set up a central store. I found the steps
to do this on a Microsoft page in the TechNet library.
<http://www.microsoft.com/technet/windowsvista/library/1494d791-72e1-484
b-a67a-22f66fbf9d17.mspx>
Here are the steps from the above Microsoft article to creating a
Central Store on your Domain Controller in order to use the Vista Group
Policies.
The central store has to be created manually once on a domain
controller. This domain controller can be a Windows Server 2000/2003.
The File Replication Service (FRS) will replicate it to the other domain
controllers of this domain. It is recommended, though, to create the
central store on the primary domain controller.
1.
First, you have to create the root folder of the central store:
%systemroot%\sysvol\domain\policies\PolicyDefinitions
2.
Copy all ADMX files (also the .adml folders) from the local
store of your Vista machine to the central store. The local store can be
found under %systemroot%\PolicyDefinitions.
Older versions of group policy copied all template files into a new
directory for every policy you created. Using a central store saves
bunches of disk space. The old GPMC created a separate uuid for each
policy you created that could go over 5 meg for each policy. This is
what makes using the new Vista policies beneficial and worth looking at.
In light of the over 800 new policies Microsoft has released a
spreadsheet of the policies as of beta 2 available on their website
here.
<http://www.microsoft.com/downloads/details.aspx?FamilyID=7812c9cb-e6ca-
4144-98ab-2d78587462c5&DisplayLang=en> Microsoft also has created a
guide for Managing Vista Group Policy that you can get from this link.
<http://download.microsoft.com/download/3/b/a/3ba6d659-6e39-4cd7-b3a2-9c
96482f5353/Managing%20Group%20Policy%20ADMX%20Files%20Step%20by%20Step%2
0Guide.doc> With another version of it in html found here.
<http://www.microsoft.com/technet/windowsvista/library/02633470-396c-4e3
4-971a-0c5b090dc4fd.mspx>
So as you can see the information on ADMX templates and Vista Group
Policy is already pretty spread out and available... it is just finding
it and sorting it all out that is the problem. The frustration comes
when you go to look for some sort of utility to help you create your own
ADMX templates with XML or edit existing ones. No such utility exists
and it is noted in the TechNet magazine article that Microsoft has no
plans of releasing one. There is the XML Notepad 2006
<http://www.microsoft.com/downloads/details.aspx?familyid=72D6AA49-787D-
4118-BA5F-4F30FE913628&displaylang=en> utility that may be of use but
that is not specifically made for editing policies..only XML files. You
still have know what you are doing.
If anything I hope this article gives you the additional information and
directions of where to go to get the information you need to get you
started using Vista Group Policy.
@Copyright Jim Kenzig
Here are Link resources from the Article:
TechNet Magazine: More Powerful Group Policy In Windows Vista
http://www.Microsoft.com/technet/technetmag/issues/2006/11/VistaGPO/defa
ult.aspx
<http://www.Microsoft.com/technet/technetmag/issues/2006/11/VistaGPO/def
ault.aspx>
MSKB Article 918239: How to write custom .adm and .admx administrative
template files to provide an elevation policy for protected mode in
Internet Explorer 7.0
http://support.microsoft.com/kb/918239
<http://support.microsoft.com/kb/918239>
Editing Domain-Based GPOs Using ADMX Files
http://www.microsoft.com/technet/windowsvista/library/1494d791-72e1-484b
-a67a-22f66fbf9d17.mspx
<http://www.microsoft.com/technet/windowsvista/library/1494d791-72e1-484
b-a67a-22f66fbf9d17.mspx>
Group Policy Settings Reference Windows Vista Beta 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=7812c9cb-e6ca-4
144-98ab-2d78587462c5&DisplayLang=en
<http://www.microsoft.com/downloads/details.aspx?FamilyID=7812c9cb-e6ca-
4144-98ab-2d78587462c5&DisplayLang=en>
Managing Group Policy ADMX Files Step by Step Guide
http://download.microsoft.com/download/3/b/a/3ba6d659-6e39-4cd7-b3a2-9c9
6482f5353/Managing%20Group%20Policy%20ADMX%20Files%20Step%20by%20Step%20
Guide.doc
<http://download.microsoft.com/download/3/b/a/3ba6d659-6e39-4cd7-b3a2-9c
96482f5353/Managing%20Group%20Policy%20ADMX%20Files%20Step%20by%20Step%2
0Guide.doc>
and
http://www.microsoft.com/technet/windowsvista/library/02633470-396c-4e34
-971a-0c5b090dc4fd.mspx
<http://www.microsoft.com/technet/windowsvista/library/02633470-396c-4e3
4-971a-0c5b090dc4fd.mspx>
XML NotePad 2006
http://www.microsoft.com/downloads/details.aspx?familyid=72D6AA49-787D-4
118-BA5F-4F30FE913628&displaylang=en
<http://www.microsoft.com/downloads/details.aspx?familyid=72D6AA49-787D-
4118-BA5F-4F30FE913628&displaylang=en>
Jim Kenzig
Network Manager
Cuyahoga County Public Library
Microsoft MVP - Terminal Services
<https://mvp.support.microsoft.com/profile=23AEC72D-4582-47DE-8516-85D40
0AD929A>
Citrix Technology Professional
<http://www.citrix.com/English/ps2/products/feature.asp?contentID=38494>
Provision Networks VIP
<http://www.provisionnetworks.com/vips/members.aspx>
jkenzig at cuyahogalibrary.org
216-749-9389
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.oplin.org/mailman/private/oplintech/attachments/20061102/961aabbe/attachment.html
More information about the OPLINTECH
mailing list