Creating a New Group Policy Object for Devices

10/3/2008

The following procedures show you how to create a new Group Policy object (GPO) for managed Windows Mobile powered devices. To create a new GPO for managed devices, you must first create a new GPO and then add the administrative template (ADM) file for managed devices to the new GPO. During installation of MDM Administrator Tools, the ADM template is installed in %windir%\inf, where %windir% is the default Windows directory (for example, D:\Windows\inf).

For instructions on creating custom ADM template files, see this Microsoft Web site:

https://go.microsoft.com/fwlink/?LinkId=128439.

To have MDM use the custom ADM template, the registry key in the template should take the following format:

KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\<CSPName>\..."

For example, to set a registry value RegValue on the device, the ADM template might look like:

POLICY !!Policy_MyPolicy
 PART !!Part_MyPolicy EDITTEXT REQUIRED 
  KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Software\MyApp"
  VALUENAME "RegValue"
 END PART
END POLICY
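
The following check is an added example, not part of the original page or of MDM. It scans ADM template text and reports any KEYNAME that falls outside the required Windows Mobile Settings prefix or lacks a <CSPName> component, and lists the CSP, remaining path and value name for each valid entry. The function name check_adm, the sample text and the second policy in it are constructed for illustration.

```python
import re

# Key prefix the page requires before MDM will use a custom template.
MDM_PREFIX = r"SOFTWARE\Policies\Microsoft\Windows Mobile Settings"
PREFIX_LEN = MDM_PREFIX.count("\\") + 1
DIRECTIVE_RE = re.compile(r'^\s*(KEYNAME|VALUENAME)\s+"?([^"]+?)"?\s*$', re.I)

# Constructed sample: the page's policy plus one hypothetical bad policy.
SAMPLE_ADM = r"""POLICY !!Policy_MyPolicy
 PART !!Part_MyPolicy EDITTEXT REQUIRED
  KEYNAME "SOFTWARE\Policies\Microsoft\Windows Mobile Settings\Registry\HKLM\Software\MyApp"
  VALUENAME "RegValue"
 END PART
END POLICY
POLICY !!Policy_Constructed
 PART !!Part_Constructed EDITTEXT
  KEYNAME "SOFTWARE\MyApp"
  VALUENAME "Ignored"
 END PART
END POLICY
"""


def check_adm(text):
    """Return (entries, problems) for KEYNAME/VALUENAME lines in ADM text.

    Simplification (assumption of this example): a VALUENAME is paired with
    the nearest preceding KEYNAME; CATEGORY/POLICY/PART nesting is not modelled.
    """
    entries, problems, current = [], [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE_RE.match(line)
        if not m:  # comments, POLICY/PART lines, blank lines
            continue
        directive, arg = m.group(1).upper(), m.group(2)
        if directive == "KEYNAME":
            parts = arg.strip("\\").split("\\")
            head = "\\".join(parts[:PREFIX_LEN])
            if head.lower() != MDM_PREFIX.lower():  # registry keys ignore case
                problems.append((lineno, "KEYNAME outside " + MDM_PREFIX))
                current = None
            elif len(parts) == PREFIX_LEN:
                problems.append((lineno, "KEYNAME has no <CSPName> component"))
                current = None
            else:
                current = (parts[PREFIX_LEN], "\\".join(parts[PREFIX_LEN + 1:]))
        elif current is not None:  # VALUENAME under a valid KEYNAME
            entries.append({"line": lineno, "csp": current[0],
                            "path": current[1], "value": arg})
    return entries, problems
```

Running check_adm over a custom template before adding it to a GPO shows which settings MDM would send to the device and which it would not pick up.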

After you add the ADM file to the GPO, policies related to security, encryption and device management appear in the navigation pane under Computer Configuration/Administrative Templates/Windows Mobile Settings. User related settings are located under User Configuration/Administrative Templates/Windows Mobile Settings.

To create a new Group Policy Object

  1. In the Group Policy Management Console, locate the Group Policy Objects node.

  2. Right-click Group Policy Objects and then choose New.

  3. In the New GPO dialog box, type the name that you want to use, and then choose OK.

To add the Administrative Template file to a new Group Policy Object

  1. In the Group Policy Management Console, expand Group Policy Objects and then locate the new GPO.

  2. Right-click the new GPO and then select Edit.

  3. In the Group Policy Object Editor, expand Computer Configuration, and then locate Administrative Templates.

  4. Right-click Administrative Templates and then choose Add/Remove Templates.

  5. In the Add/Remove Templates dialog box, choose Add.

  6. In the Policy Templates dialog box, select the file Mobile.adm, and then choose Open. The selected ADM file appears in the list of current policy templates in the Add/Remove Templates dialog box.

  7. In the Add/Remove Templates dialog box, choose Close.

Upgrading Server Builds with ADM File Changes

If you upgrade a server build that has ADM file changes, then existing GPOs might contain outdated or excess registry keys, which results in the wrong data being sent to the device. Use one of the following options in the Group Policy Management Console to resolve this issue.

To upgrade server builds with ADM File Changes

  • Manually re-create the GPO; or

  • Select Remove a template, and then select Add to force the GPO to pick up a different ADM file; or

  • Create a centralized repository for ADM templates.

To create a centralized repository for ADM templates

  1. Delete the ADM templates from each Group Policy template (GPT).

  2. Place a copy of the latest version of every ADM template (default and customized) into the C:\Windows\Inf folder on every desktop that will administer GPOs.

  3. Create a GPO that targets the computers modified in step 2.

  4. In the GPO, modify the Always Use Local ADM Files for Group Policy Editor setting to Enabled. This setting is located under Computer Configuration\Administrative Templates\System\Group Policy.

  5. Create a GPO that targets the user accounts that have privileges to edit GPOs.

  6. In the GPO, modify the Turn off Automatic Updates of ADM files setting to Enabled. This setting is located under User Configuration\Administrative Templates\System\Group Policy.
