This is the third post about the changes of Group Policy in Windows Vista. The first one was about the new logging capabilities and the second one about the replacement of ADM templates by ADMX files. In this post, I am introducing Windows Vista's central store for Administrative Templates.
- OpenVPN IPv6 and IPv4 configuration - Mon, Mar 1 2021
- 4sysops author and member competition 2020 - Fri, Jan 1 2021
- Assign an IPv6 address to an EC2 instance (dual stack) - Tue, Dec 15 2020
The central store is a repository for all policy definitions of a Windows domain (2000 or 2003). It contains all ADMX templates, i.e. all .admx files and all .adml files. If you start GPMC (Group Policy Management Console) on a Vista machine, it will automatically get the ADMX templates from the central store, if it is available.
The advantage of this concept is obvious. All administrators will automatically use a central repository for their Administrative Templates. If all administrators use Vista machines for managing Group Policy, then this will also work for legacy Windows (XP/2k/2k3) computers. So, no administrator will ever wonder again which ADM files have been used to edit a certain Group Policy Object (GPO).
There is another advantage: ADM files are always added to each GPO. You can check this out, if you open the Sysvol share on a domain controller. In the Policies directory, you'll find the GPO folders. Each GPO is identified by its GUID. If you edit GPOs on a Vista machine, this doesn't happen anymore. That saves space in Sysvol and reduces the traffic between domain controllers. Of course, this is only an advantage if you make heavy use of Administrative Templates. Every ADM file that is added to a GPO costs about 4 MB on each domain controller
The central store has to be created manually once on a domain controller. This domain controller can be a Windows Server 2000/2003. The File Replication Service (FRS) will replicate it to the other domain controllers of this domain. It is recommended, though, to create the central store on the primary domain controller.
- First, you have to create the root folder of the central store:
- Copy all ADMX files (also the .adml folders) from the local store of your Vista machine to the central store. The local store can be found under %systemroot%\PolicyDefinitions.
From now on, if you edit Group Policy Objects you'll automatically load ADMX files form the central store. If the domain controller is not available, Vista will use the local store.
Subscribe to 4sysops newsletter!
In the next post of this series, I will write about the new Network Location Awareness feature of Group Policy in Windows Vista.