Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Windows Client TechCenter
Click to Rate and Give Feedback

  Switch on low bandwidth view
Managing Group Policy ADMX Files Step-by-Step Guide

Microsoft Windows Vista® and Windows Server 2008 introduce a new format for displaying registry-based policy settings. Registry-based policy settings (located under the Administrative Templates category in the Group Policy Object Editor) are defined using a standards-based, XML file format known as ADMX files. These new files replace ADM files, which used their own markup language. The Group Policy tools —Group Policy Object Editor and Group Policy Management Console—remain largely unchanged. In the majority of situations, you will not notice the presence of ADMX files during your day-to-day Group Policy administration tasks.

Some situations require an understanding of how ADMX files are structured and the location where they are stored. This guide introduces you to ADMX files, showing you how ADMX files are incorporated when editing Administrative Template policy settings in a local or domain-based Group Policy object (GPO). ADMX files provide an XML-based structure for defining the display of the Administrative Template policy settings in the Group Policy tools. The Group Policy tools will recognize ADMX files only if you are using a Windows Vista–based or Windows Server 2008–based computer.

Unlike ADM files, ADMX files are not stored in individual GPOs. For domain-based enterprises, administrators can create a central store location of ADMX files that is accessible by anyone with permission to create or edit GPOs. Group Policy tools will continue to recognize custom ADM files you have in your existing environment, but will ignore any ADM file that has been superseded by ADMX files: System.adm, Inetres.adm, Conf.adm, Wmplayer.adm, and Wuau.adm. Therefore, if you have edited any of the these files to modify existing or create new policy settings, the modified or new settings will not be read or displayed by the Windows Vista–based Group Policy tools.

The Group Policy Object Editor automatically reads and displays Administrative Template policy settings from ADMX files that are stored either locally or in the optional ADMX central store. The Group Policy Object Editor will automatically read and display Administrative Template policy settings from custom ADM files stored in the GPO. You can still add or remove custom ADM files with the Add/Remove template menu option. All Group Policy settings currently in ADM files delivered by the Windows Server 2003, Windows XP, and Windows 2000 will also be available in Windows Vista and Windows Server 2008 ADMX files.

This guide covers two different scenarios to highlight the potential differences in the ADMX storage location and the Group Policy tools needed when working with local and domain-based GPOs.

Some Important Factors About the Implications of ADMX Files in Your Environment

  • New Windows Vista–based or Windows Server 2008–based policy settings can be managed only from Windows Vista–based or Windows Server 2008–based administrative machines running Group Policy Object Editor or Group Policy Management Console. Such policy settings are defined only in ADMX files and, as such, are not exposed on the Windows Server 2003, Windows® XP, or Windows 2000 versions of these tools. An Administrator will need to use the Group Policy Object Editor from a Windows Vista–based or Windows Server 2008–based administrative machine to configure a new Windows Vista–based Group Policy settings.
  • In Group Policy for versions of Windows earlier than Windows Vista, if you modify Administrative template policy settings on local computers, the Sysvol share on a domain controller within the domain is automatically updated with the new ADM files. In Group Policy for Windows Server 2008 and Windows Vista, if you modify Administrative template policy settings on local computers, Sysvol will not be automatically updated with the new ADMX or ADML files (ADML files are XML-based ADM files that contain language-specific settings). This change in behavior is implemented to reduce network load and disk storage requirements, and to prevent conflicts from occurring between ADMX files and ADML files when edits to Administrative template policy settings are made across different locales. To ensure that any local updates are reflected in Sysvol as well, you must manually copy the updated ADMX or ADML files from the PolicyDefinitions folder on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.
    note
    Updates to Sysvol are replicated to all domain controllers in the domain, which results in increased network traffic and load placed on the domain controllers. Therefore, to minimize the impact of this operation in your domain, we recommend that you schedule the copying of Administrative templates to Sysvol outside core business hours.
    To download the Administrative template files for Windows Server 2008, see Administrative Templates (ADMX) for Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkId=116434).
  • Group Policy Object Editor on Windows Server 2003, Windows XP, or Windows 2000 machines will not display new Windows Vista Administrative Template policy settings that may be enabled or disabled within a GPO.
  • The reporting function of GPMC on Windows Server 2003 and Microsoft Windows XP will display new Windows Vista Administrative Template policy settings as extra registry settings.
  • The Windows Vista or Windows Server 2008 versions of Group Policy Object Editor and Group Policy Management Console can be used to manage all operating systems that support Group Policy (Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000).
  • Administrative Template policy settings that currently exist in ADM files from Windows Server 2003, Windows XP, and Windows 2000 can be configured from all operating systems that support Group Policy (Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000).
  • The Windows Vista or Windows Server 2008 versions of Group Policy Object Editor and Group Policy Management Console support interoperability with versions of these tools on Windows Server 2003, and Windows XP. For example, custom ADM files stored in GPOs will be consumed by Group Policy Object Editor and GPMC on Windows Vista, Windows Server 2008, Windows Server 2003, and Windows XP.
  • The Windows Vista or Windows Server 2008 versions of Group Policy Object Editor support interoperability with versions of Group Policy Object Editor on Windows Server 2000. For example, custom ADM files stored in GPOs will be consumed by Group Policy Object Editor on Windows Vista, Windows Server 2008, and Windows 2000. (GPMC does not run on Windows 2000.)
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Thanks Microsoft For Making Our Lives So Hard YET AGAIN      lachlan mcintosh   |   Edit   |   Show History
  • Group Policy Object Editor on Windows Server 2003, Windows XP, or Windows 2000 machines will not display new Windows Vista >Administrative Template policy settings that may be enabled or disabled within a GPO.

Thanks Microsoft For Making Our Lives So Hard YET AGAIN.
Tags What's this?: rant (x) Add a tag
Flag as ContentBug
RE: Thanks Microsoft For Making Our Lives So Hard YET AGAIN      fourpastmidnight   |   Edit   |   Show History
Amen to that! I just bought Volume License for SBS 2003 and Vista desktops about two years ago only to find out after the fact that Vista clients can only be managed completely by other Vista clients (or Windows Server 2008). Way to shoot all the IT people working for small businesses in the back while they're not looking! Since XP and Windows Server 2003 are still so prevalent, even today in 2009, I am surprised at Microsoft's lack of backwards compatability in such an important area of network administration and trying to move people to a "managed desktop". How does this help me have a managed desktop?? You got me!
Tags What's this?: rant (x) Add a tag
Flag as ContentBug
Too Much reading      MattNav ... Thomas Lee   |   Edit   |   Show History

It's a shame that MSFT don't put a simple step by step together. The process of getting Policies to Vista machines is really very simple and despite many hours of reading it's as simple as installing the relevant admin pack on a Vista machine sat in the domain. Once installed this creates a folder on your local Vista Machine with all of the ADMX templates. Copy this to the SYSVOL on your DC.
Then using your Vista Machine you can use gpmc to amend the policies just as before.

A vista Machine with the admin pak on (or server 2008) must be used to change policies affected by Vista.

That's it in a nutshell. Not difficult at all. Hope others find this of help and hope it saves them lots of reading.

Regards
Matt

Tags What's this?: gpo (x) rant (x) server (x) vista (x) Add a tag
Flag as ContentBug
Thanks Microsoft, another reason not to use Vista      Anonymous Bosch ... Thomas Lee   |   Edit   |   Show History
"A vista Machine with the admin pak on (or server 2008) must be used to change policies affected by Vista.

That's it in a nutshell. Not difficult at all. Hope others find this of help and hope it saves them lots of reading."

I know, how about we just abandon the entire concept of centralised management entirely in favour of doing everything from client workstations. Because it's such a good thing to have to ask someone to log off their computer at a client site so I can do the job they are paying me for, effectively stopping them from conducting their business. So extremely professional.

News for Microsoft, not everyone using their products is so small fry that they sit on-site using a workstation on the client network - some of us only manage large numbers of servers remotely. You know, the ones who actually make Microsoft real money.
Flag as ContentBug
© 2009 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement
Page view tracker