Update ADMX templates automatically with EvergreenAdmx

Home Blog Update ADMX templates automatically with EvergreenAdmx

4sysops - The online community for SysAdmins and DevOps

    ,   1
Group Policy admins have to deal with a lot of different ADMX templates. These templates are not limited to the operating system, but are also necessary for many applications, such as Adobe Reader, Firefox, Chrome, and OneDrive. Since they are updated on a regular basis, admins must check for new versions and copy them manually to the respective directory. EvergreenAdmx can automate this process.
Contents
  1. What is EvergreenAdmx?
  2. Installing EvergreenAdmx
  3. Scheduling the download of ADMX templates
  4. Wrapping up
Latest posts by Brandon Lee (see all)

Unfortunately, there is no built-in way to have Microsoft Windows or an Active Directory Domain Controller check for the latest available ADMX templates as part of Group Policy. Instead, administrators have relied on periodically checking for updated ADMX packages.

Using automated processes with scripting tools like PowerShell, administrators can automate manual update processes to create an up-to-date environment. Using the EvergreenAdmx.ps1 script is a great way to do this.

What is EvergreenAdmx?

EvergreenAdmx allows admins to schedule the download of the latest ADMX files available for specific operating systems. It performs two functions:

  • It checks for new versions of ADMX templates and, if found, downloads and processes the latest version.
  • It copies the new ADMX template files to the Active Directory Central Store or another folder you choose. By copying the files to the proper Central Store Policy Definitions folder, all the domain controllers get the most recent template versions.

You can find the official link to the GitHub page here.

It keeps the following ADMX template files updated for Adobe Acrobat and Reader, FSLogix, Google Chrome, Microsoft Edge (Chromium), Microsoft Office, Microsoft OneDrive, and Windows 10 /11, among others.

Installing EvergreenAdmx

While you can manually download the script to a folder and execute it in this way, the easiest way to install EvergreenAdmx is to install the script from the PowerShell Gallery:

Install-Script -Name EvergreenAdmx

You must accept the prompts to add the script path to your PATH environment variable and add the untrusted repository.

Installing the EvergreenAdmx script from the PowerShell gallery

Installing the EvergreenAdmx script from the PowerShell gallery

Now you can run the EvergreenAdmx.ps1 script by typing evergreenadmx.

With the parameter Include, you can specify all products you want to process during the EvergreenAdmx check.

Valid entries are:

  • Custom Policy Store
  • Windows 10
  • Microsoft Edge
  • Microsoft OneDrive
  • Microsoft Office
  • FSLogix
  • Adobe AcrobatReader DC
  • BIS-F
  • Citrix Workspace App
  • Google Chrome
  • Microsoft Desktop Optimization Pack
  • Mozilla Firefox
  • Zoom Desktop Client

If you don't use the Include parameter while running the script, it will download only the Windows 11 22H2, Microsoft Office, Microsoft OneDrive, and Microsoft Edge templates to the default c:\Program Files\WindowsPowerShell\Scripts\downloads location.

Running the EvergreenAdmx PowerShell script

Running the EvergreenAdmx PowerShell script

Scheduling the download of ADMX templates

The main use case of EvergreenAdmx is scheduling it to pull down the latest ADMX templates automatically and have these copied to the Central Store of your PolicyDefinitions folder in Active Directory.

You can easily create a scheduled task to run the Evergreen one-liner below:

EvergreenAdmx.ps1 -Windows11Version "22H2" -PolicyStore "C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions"

The EvergreenAdmx GitHub page provides an XML file that you can import to create a scheduled task in your environment.

Creating the EvergreenAdmx scheduled task

Creating the EvergreenAdmx scheduled task

The configured task will check for new ADMX templates and update the Central Store Policy Definitions daily with the newest ADMX templates.

Wrapping up

Evergreen environments on-premises require automated processes to ensure you have the most recent versions of applications, files, and configurations. Keeping your Active Directory Group Policy ADMX templates updated using manual processes is labor-intensive and can lead to issues with old versions of policy templates.

Subscribe to 4sysops newsletter!

The EvergreenAdmx script is a great way to continually update your ADMX templates with the latest versions from Microsoft and third-party vendors.

Related Articles
1 Comment
  1. Earthbound 5 months ago

    Salvation I thought, very nice utility to have for a busy admin….. First off let me warn everyone, and you should be doing this on a lab environment before going live with it, modus operandi. My lab servers = Win 2019 1809. My initial test on a DC, I followed the example given in this article; Other than I ran it from PowerShell ISE before creating a scheduled task. The script completely cleared all existing ADMX and ADML files out of the central store. Expected (glad I backed it up) maybe, however the unexpected was that it only install a bunch of 2016 Office Suite templates, that was it ,none of the other ADMX files came back. I did get the MSI popup warning that you can read about at the end of the GitHub page for this script. Now the real work begins, thoroughly vetting this PowerShell script.
    Brandon you should cover the MSI issue. Unfortunately it is at the bottom of the GitHub page in the notes section with hardly a mention and it should be thoroughly explained.

    Reply

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account