- Docker logs tail: Troubleshoot Docker containers with real-time logging - Wed, Sep 13 2023
- dsregcmd: Troubleshoot and manage Azure Active Directory (Microsoft Entra ID) joined devices - Thu, Aug 31 2023
- Ten sed command examples - Wed, Aug 23 2023
Unfortunately, there is no built-in way to have Microsoft Windows or an Active Directory Domain Controller check for the latest available ADMX templates as part of Group Policy. Instead, administrators have relied on periodically checking for updated ADMX packages.
Using automated processes with scripting tools like PowerShell, administrators can automate manual update processes to create an up-to-date environment. Using the EvergreenAdmx.ps1 script is a great way to do this.
What is EvergreenAdmx?
EvergreenAdmx allows admins to schedule the download of the latest ADMX files available for specific operating systems. It performs two functions:
- It checks for new versions of ADMX templates and, if found, downloads and processes the latest version.
- It copies the new ADMX template files to the Active Directory Central Store or another folder you choose. By copying the files to the proper Central Store Policy Definitions folder, all the domain controllers get the most recent template versions.
You can find the official link to the GitHub page here.
It keeps the following ADMX template files updated for Adobe Acrobat and Reader, FSLogix, Google Chrome, Microsoft Edge (Chromium), Microsoft Office, Microsoft OneDrive, and Windows 10 /11, among others.
While you can manually download the script to a folder and execute it in this way, the easiest way to install EvergreenAdmx is to install the script from the PowerShell Gallery:
Install-Script -Name EvergreenAdmx
You must accept the prompts to add the script path to your PATH environment variable and add the untrusted repository.
Now you can run the EvergreenAdmx.ps1 script by typing evergreenadmx.
With the parameter Include, you can specify all products you want to process during the EvergreenAdmx check.
Valid entries are:
- Custom Policy Store
- Windows 10
- Microsoft Edge
- Microsoft OneDrive
- Microsoft Office
- Adobe AcrobatReader DC
- Citrix Workspace App
- Google Chrome
- Microsoft Desktop Optimization Pack
- Mozilla Firefox
- Zoom Desktop Client
If you don't use the Include parameter while running the script, it will download only the Windows 11 22H2, Microsoft Office, Microsoft OneDrive, and Microsoft Edge templates to the default c:\Program Files\WindowsPowerShell\Scripts\downloads location.
Scheduling the download of ADMX templates
The main use case of EvergreenAdmx is scheduling it to pull down the latest ADMX templates automatically and have these copied to the Central Store of your PolicyDefinitions folder in Active Directory.
You can easily create a scheduled task to run the Evergreen one-liner below:
EvergreenAdmx.ps1 -Windows11Version "22H2" -PolicyStore "C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions"
The EvergreenAdmx GitHub page provides an XML file that you can import to create a scheduled task in your environment.
The configured task will check for new ADMX templates and update the Central Store Policy Definitions daily with the newest ADMX templates.
Evergreen environments on-premises require automated processes to ensure you have the most recent versions of applications, files, and configurations. Keeping your Active Directory Group Policy ADMX templates updated using manual processes is labor-intensive and can lead to issues with old versions of policy templates.
Subscribe to 4sysops newsletter!
The EvergreenAdmx script is a great way to continually update your ADMX templates with the latest versions from Microsoft and third-party vendors.