News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Known issues managing a Windows 10 Group Policy client in Windows Server 2012 R2

    Home Forums Admin IT Lounge Known issues managing a Windows 10 Group Policy client in Windows Server 2012 R2

    This topic contains 1 reply, has 1 voice, and was last updated by  PhotM 2 years, 6 months ago.

    • Author
      Posts
    • #103875 Reply

      PhotM
      AskWoody Plus

      Known issues managing a Windows 10 Group Policy client in Windows Server 2012 R2

      Summary

      This article describes the known challenges that can occur when you manage a Windows 10 Group policy client base from a Windows 2012 R2 server. The same challenges apply to using the Advanced Group Policy Management sever (AGPM) on a Windows 2012 R2 server when you manage Windows 10 Clients.

      The document is separated into sections for each subsequent upgrade as they were released. It also indicates when a change affects only a specific build of the Group Policy ADMX template files.

      The following list of changes do not include the many new additional settings that are added to each template file because they do not have any effect if they are added to an existing deployment. The existing deployment does not use those settings. Therefore, it is unlikely to affect the environment.

      It is also important to consider that during the GPMC startup, the console caches the ADMX files into memory. Therefore, any changes to the templates that occur while the tool is open do not appear, even after a report refresh. After the tool is shut down and then re-opened, it will get the new ADMX files from the policydefinitions folder.

      More Information

      Traditionally, the method of translating group policy settings into a user interface that could be easily managed was provided by ADM files. These files use their own markup language. They were locale-specific. Therefore, they were difficult to manage for multinational companies.

      Microsoft Windows Vista and Windows Server 2008 introduced a new method of displaying settings within the Group Policy Management Console. Registry-based policy settings (located under the Administrative Templates category in the Group Policy Object Editor) are defined as using a standards-based, XML file format known as ADMX (more commonly known as administrative templates).

      Group Policy Object Editor and Group Policy Management Console remain largely unchanged. In most situations, you do not notice the presence of ADMX files during your daily Group Policy administration tasks.

      Some situations require an understanding of how ADMX files are structured and the location in which they are stored. ADMX files provide an XML-based structure for defining the display of the Administrative Template policy settings in the Group Policy tools. The Group Policy tools recognize ADMX files only if you are using a computer that is running Windows Vista or Windows Server 2008 or later versions.

      Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, administrators can create a central store location of ADMX files that is accessible by anyone who has permission to create or edit GPOs. Group Policy tools continue to recognize any custom ADM files that you have in your existing environment, but will ignore any ADM file that has been superseded by an ADMX file, such as System.adm, Inetres.adm, Conf.adm, Wmplayer.adm, and Wuau.adm. Therefore, if you have edited any of the these files to change or create policy settings, the changed or new settings are not read or displayed by the Windows Vista–based Group Policy tools.

      The Group Policy Object Editor automatically reads and displays Administrative Template policy settings from ADMX files that are stored either locally or in the optional ADMX central store. The Group Policy Object Editor automatically reads and display Administrative Template policy settings from custom ADM files that are stored in the GPO. You can still add or remove custom ADM files by using the Add/Remove template menu option. All Group Policy settings that are currently in ADM files that are delivered by Windows Server 2003, Windows XP, and Windows 2000 are also available in Windows Vista and Windows Server 2008 ADMX files.

      It can be challenging to upgrade the policydefinitions folder that has later revisions of the ADMX files. This is because some settings are deprecated and some are added. Typically, adding settings has a minimal effect. However, deprecating settings often causes pre-configured Group Policies to retain settings that can no longer be changed. Commonly, those types of redundant settings from the new ADMX files are listed as “Extra Registry Settings” in the settings report. These settings are still applied to production, but the administrator can no longer turn them on or off.

      In order to manage this situation, an administrator could delete the Group policy, if it is no longer required. Or, they could copy the legacy ADMX template back to the PolicyDefinitions folder. This would enable the setting to be managed again, but at the cost of losing the new settings from the later revision ADMX template.

      Known ADMX file content change issues in Windows 10 build 1607

      …….

      Properties

      Article ID: 4015786 – Last Review: Mar 23, 2017 – Revision: 36

      Applies to
      Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows 10 Version 1607, Windows 10 Version 1511

      --------------------------------------

      1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

      SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

      CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
      Graphics Radeon RX 580, RX 580 ONLY Over Clocked
      More perishable

      2xMonitors Asus DVI, Sony 55" UHD TV HDMI

      1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
      1xOS W8.1 Pro, NAS Dependent, Same Sony above.

      -----------------

    • #104136 Reply

      PhotM
      AskWoody Plus

      How to create and manage the Central Store for Group Policy Administrative Templates in Windows
      https://support.microsoft.com/en-us/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administrative-templates-in-windows

      INTRODUCTION

      This article describes how to use the new .admx and .adml files to create and administer registry-based policy settings in Windows. This article also explains how the Central Store is used to store and to replicate Windows-based policy files in a domain environment.

      Links to download the Administrative Templates files based on the operating system version

      Administrative Templates (.admx) for Windows 10 Version 1607 and Windows Server 2016

      Administrative Templates (.admx) for Windows 10 and Windows 10 Version 1511

      Administrative Templates (.admx) for Windows 8.1 Update and Windows Server 2012 R2 Update

      Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2

      Administrative Templates (.admx) for Windows 7 and Windows Server 2008 R2
      To view ADMX spreadsheets of the new settings that are available in later operating system versions, go to the following Microsoft Download Center website:

      Group Policy Settings Reference for Windows and Windows Server

      More Information

      Overview

      Administrative Templates files are divided into .admx files and language-specific .adml files for use by Group Policy administrators. The changes that are implemented in these files let administrators configure the same set of policies by using two languages. Administrators can configure policies by using the language-specific .adml files and the language-neutral .admx files.

      Administrative Templates file storage

      Windows uses a Central Store to store Administrative Templates files. The ADM folder is not created in a Group Policy Object (GPO) as it is in earlier versions of Windows. Therefore, Windows domain controllers do not store or replicate redundant copies of .adm files.

      Note If you use a client that is running an earlier version of Windows to change a policy that is created or administered on a Windows 8.1-based or a Windows 10-based computer, the client creates the ADM folder and replicates the files.

      For more information, click the following article number to go to the article in the Microsoft Knowledge Base:
      816662 Recommendations for managing Group Policy Administrative Template (.adm) files

      The Central Store

      To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a Windows domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

      To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location (for example) on the domain controller:

      \\contoso.com\SYSVOL\contoso.com\policies
      Copy all files from the PolicyDefinitions folder on a source computer to the PolicyDefinitions folder on the domain controller. The source location can be either of the following:

      The C:\Windows folder on a Windows 8.1-based or Windows 10-based client computer
      The C:\Program Files (x86)\Microsoft Group Policy\client folder if you have downloaded any of the Administrative Templates separately
      The PolicyDefinitions folder on the Windows domain controller stores all .admx files and .adml files for all languages that are enabled on the client computer.

      The .adml files are stored in a language-specific folder. For example, English (United States) .adml files are stored in a folder that is named “en-US”; Korean .adml files are stored in a folder that is named “ko_KR”; and so on.

      If .adml files for additional languages are required, you must copy the folder that contains the .adml files for that language to the Central Store. When you have copied all .admx and .adml files, the PolicyDefinitions folder on the domain controller should contain the .admx files and one or more folders that contain language-specific .adml files.

      Note When you copy the .admx and .adml files from a Windows 8.1-based or Windows 10-based computer, verify that the most recent updates to these files are installed. Also, make sure that the most recent Administrative Templates files are replicated. This advice also applies to service packs, as applicable.

      Group Policy administration

      Windows 8.1 and Windows 10 do not include Administrative Templates that have an .adm extension. We recommend that you use computers that are running Windows 8.1 or later versions of Windows to perform Group Policy administration.

      Updating the Administrative Templates files

      In Group Policy for versions of Windows that are earlier than Windows Vista, if you change Administrative Templates policy settings on local computers, the Sysvol share on a domain controller within your domain is automatically updated to include the new .ADM files. Those changes are then replicated to all other domain controllers in the domain. This might increase the network load and storage requirements.

      In Group Policy for Windows Server 2012 R2 and Windows 8.1, if you change Administrative Templates policy settings on local computers, Sysvol is not automatically updated to include the new .admx or .adml files. This change in behavior is implemented to reduce network load and disk storage requirements and to prevent conflicts between .admx and .adml files when changes are made to Administrative Templates policy settings across different locations.

      To make sure that any local updates are reflected in Sysvol, you must manually copy the updated .admx or .adml files from the PolicyDefinitions file on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.

      The following update enables you to configure the Local Group Policy editor to use Local .admx files instead of the Central Store:

      2917033 An update is available to enable the use of Local ADMX files for Group Policy Editor

      Known Issues

      …..

      --------------------------------------

      1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

      SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

      CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
      Graphics Radeon RX 580, RX 580 ONLY Over Clocked
      More perishable

      2xMonitors Asus DVI, Sony 55" UHD TV HDMI

      1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
      1xOS W8.1 Pro, NAS Dependent, Same Sony above.

      -----------------

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Known issues managing a Windows 10 Group Policy client in Windows Server 2012 R2

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.