Identifying Interoperability Issues
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You need to consider possible interoperability issues when planning a Group Policy implementation in a mixed environment. Group Policy only applies to computers running Windows 2000, Windows XP Professional, or Windows Server 2003. You can only use GPMC on a computer running Windows XP Professional or Windows Server 2003 in an Active Directory network.
Windows Server 2003 and Windows XP Professional include many new Group Policy settings that are not used on Windows 2000. However, even if the client and server computers in your organization mostly run Windows 2000, and you have any Windows Server 2003 – based computers, you should use the Windows Server 2003 administrative templates (.adm files) because they are the latest .adm files and so are the most inclusive. If you apply a GPO with newer settings to a previous operating system that does not support the setting, it will not cause a problem. Destination computers that are running Windows 2000 or Windows XP Professional will simply ignore settings supported only in Windows Server 2003. To determine which settings apply to which operating systems, in the description for the setting, see the Supported on information, which explains which operating systems can read the setting.
If you are planning to deploy Group Policy in mixed environments, take the following Group Policy processing behavior into account.
If the destination computer is running Microsoft® Windows NT® version 4.0, Microsoft Windows® 95, or Microsoft Windows® 98, it uses System Policy rather than Group Policy. System Policy is a Windows NT 4.0-style policy based on registry settings specified by using the System Policy Editor, Poledit.exe.
If the destination computer is running Windows 2000, Windows XP Professional, or Windows Server 2003, and the computer account and the account for the logged-on user are both located in a Windows 2000 or Windows Server 2003 domain, both the computer and the user portions of a GPO are processed. If either the logged-on user account or the computer account is located in a Windows NT 4.0 domain, System Policy is processed for those accounts located in the domain.
Identifying and troubleshooting problems in a mixed environment where both System Policy and Group Policy apply can be difficult and time-consuming. When possible, move both the computer and the user account into a Windows 2000 or Windows Server 2003 domain. For more information about migrating user and computer accounts from a Windows NT 4.0 domain to Windows 2000 or Windows Server 2003 domain, see Overview of Upgrading Windows NT 4.0 Domains in Designing and Deploying Directory and Security Services of this kit.