Creating a Group Policy Central Store
One of the issues that sometimes made managing group policies difficult in Windows XP and in Windows Server 2003 was the non centralized nature of the group policy template files. For example, Microsoft offers downloadable templates that allow you to manage Microsoft Office via group policy. Even so, these templates are not automatically available from every domain controller.
In Windows Vista and Windows Server 2008, Microsoft decided to make life easier for network administrators by introducing the concept of centralized group policy storage. This storage repository, known as a central store, can be created in domains containing Windows Server 2003 and / or Windows Server 2008 domain controllers. Even though Windows Server 2003 does not technically support centralized group policy storage, Windows Vista does, and this allows you to store the central store on Windows Server 2003 domain controllers if necessary, but manage the central store through Windows Vista.
How Does a Central Store Work?
As you may have gathered from the previous paragraph, there is really nothing special about the central store itself. It is nothing more than a folder on a server. The reason why a central store can work the way that it does is because of the way that the store is used by Windows Vista and Windows Server 2008.
When an administrator attempts to create or edit a group policy template, Windows checks the domain controller to which it is connected for the existence of a central store. If a central store exists, then Windows will use that central store by default. Otherwise, local copies of the template files are used.
Creating a Central Store
Creating a central store is actually a rather simple process. The first thing that you will have to do is to log onto a computer that is running either Windows Vista or Windows Server 2008. If you have one particular machine that has all of your group policy template files installed on it, then that machine is a good candidate.
The next thing that you must do is to open Windows Explorer, and then go into the C:\Windows folder. Locate the PolicyDefinitions folder, right click on it, and then choose the Copy command from the shortcut menu. This will copy the folder and its contents to the Windows clipboard.
The next step in the process is to map a network drive letter to the sysvol folder on a domain controller. The full path that you will need to access on the domain controller is c:\Windows\SYSVOL\domain\Policies. Finally, copy the PolicyDefinitions folder to the \Windows\SYSVOL\domain\Policies folder on the domain controller. You can see what this looks like in Figure A.
Figure A Copy the PolicyDefinitions folder to the domain controller’s \Windows\Sysvol\Domain\Policies folder.
Testing Your Central Store
In order to gain the maximum benefit from the central store that you have created, I recommend that you periodically run tests to make sure that the central store is actually being used. Fortunately, testing a your central store is even easier to do than creating the central store was. To do so, open the Group Policy Management console. Now, navigate through the console tree to Forest | Domains | your domain | Group Policy Objects | Default Domain Controller Policy. Upon selecting this policy container, the pane on the right side of the console should display a series of tabs. Go to the Settings tab, and look at the Administrative Templates section. It should confirm that the policy definitions (the ADMX files) have been retrieved from the central store.
One thing that you must keep in mind about this technique is that you may occasionally run into situations in which the Settings tab for a particular group policy template does not even contain an Administrative Templates section, let alone tell you that the template was retrieved from the central store. The reason why this occasionally happens is that the Administrative Templates section is only displayed if the group policy object contains at least one setting.
As you can imagine, keeping group policy templates in a central location can be a significant management issue for companies. However, Windows Server 2008’s (and Windows Vista’s) ability to create a central store greatly simplified the process of keeping track of the various group policy objects that are in use within your company.
About Brien Posey
Brien Posey is an MCSE and has won the Microsoft MVP award for the last two years. Brien has written over 3,000 technical articles and written or contributed material to 27 books. In addition to his technical writing, Brien is the co-founder of Relevant Technologies and also serves the IT community through his own Web site at www.brienposey.com. Prior to being a freelance author, Brien served as CIO for a chain of hospitals. He was also previously in charge of IT security for Fort Knox.
Recent Windows Server 2008 Forum threads
Got a question? Post it on our Windows Server 2008 forums!
More in Active Directory
Microsoft Releases Update to Streamline Exchange Online License Assignments
Jan 24, 2023 | Rabia Noureen
Microsoft Announces New Multibillion-Dollar Investment in OpenAI
Jan 23, 2023 | Rabia Noureen
How to Export Active Directory Users to CSV With PowerShell and ADUC
Jan 23, 2023 | Michael Reinders
ManageEngine ADSelfService Plus: Protect On-Premises and Cloud Services from Password Attacks with Multi-factor Authentication
Jan 12, 2023 | Michael Reinders
Microsoft 365 to Launch New $1.99/Month Basic Subscription with 100 GB of OneDrive Storage
Jan 11, 2023 | Rabia Noureen
Samsung Releases Server-Side Fixes for Microsoft Intune Android 13 Enrollment Issues
Dec 22, 2022 | Rabia Noureen
Most popular on petri