
close
close
One of the issues that sometimes made managing group policies difficult in Windows XP and in Windows Server 2003 was the non centralized nature of the group policy template files. For example, Microsoft offers downloadable templates that allow you to manage Microsoft Office via group policy. Even so, these templates are not automatically available from every domain controller.
advertisment
In Windows Vista and Windows Server 2008, Microsoft decided to make life easier for network administrators by introducing the concept of centralized group policy storage. This storage repository, known as a central store, can be created in domains containing Windows Server 2003 and / or Windows Server 2008 domain controllers. Even though Windows Server 2003 does not technically support centralized group policy storage, Windows Vista does, and this allows you to store the central store on Windows Server 2003 domain controllers if necessary, but manage the central store through Windows Vista.
As you may have gathered from the previous paragraph, there is really nothing special about the central store itself. It is nothing more than a folder on a server. The reason why a central store can work the way that it does is because of the way that the store is used by Windows Vista and Windows Server 2008.
When an administrator attempts to create or edit a group policy template, Windows checks the domain controller to which it is connected for the existence of a central store. If a central store exists, then Windows will use that central store by default. Otherwise, local copies of the template files are used.
Creating a central store is actually a rather simple process. The first thing that you will have to do is to log onto a computer that is running either Windows Vista or Windows Server 2008. If you have one particular machine that has all of your group policy template files installed on it, then that machine is a good candidate.
advertisment
The next thing that you must do is to open Windows Explorer, and then go into the C:\Windows folder. Locate the PolicyDefinitions folder, right click on it, and then choose the Copy command from the shortcut menu. This will copy the folder and its contents to the Windows clipboard.
The next step in the process is to map a network drive letter to the sysvol folder on a domain controller. The full path that you will need to access on the domain controller is c:\Windows\SYSVOL\domain\Policies. Finally, copy the PolicyDefinitions folder to the \Windows\SYSVOL\domain\Policies folder on the domain controller. You can see what this looks like in Figure A.
advertisment
Figure A Copy the PolicyDefinitions folder to the domain controller’s \Windows\Sysvol\Domain\Policies folder.
In order to gain the maximum benefit from the central store that you have created, I recommend that you periodically run tests to make sure that the central store is actually being used. Fortunately, testing a your central store is even easier to do than creating the central store was. To do so, open the Group Policy Management console. Now, navigate through the console tree to Forest | Domains | your domain | Group Policy Objects | Default Domain Controller Policy. Upon selecting this policy container, the pane on the right side of the console should display a series of tabs. Go to the Settings tab, and look at the Administrative Templates section. It should confirm that the policy definitions (the ADMX files) have been retrieved from the central store.
One thing that you must keep in mind about this technique is that you may occasionally run into situations in which the Settings tab for a particular group policy template does not even contain an Administrative Templates section, let alone tell you that the template was retrieved from the central store. The reason why this occasionally happens is that the Administrative Templates section is only displayed if the group policy object contains at least one setting.
As you can imagine, keeping group policy templates in a central location can be a significant management issue for companies. However, Windows Server 2008’s (and Windows Vista’s) ability to create a central store greatly simplified the process of keeping track of the various group policy objects that are in use within your company.
About Brien Posey
Brien Posey is an MCSE and has won the Microsoft MVP award for the last two years. Brien has written over 3,000 technical articles and written or contributed material to 27 books. In addition to his technical writing, Brien is the co-founder of Relevant Technologies and also serves the IT community through his own Web site at www.brienposey.com. Prior to being a freelance author, Brien served as CIO for a chain of hospitals. He was also previously in charge of IT security for Fort Knox.
Got a question? Post it on our Windows Server 2008 forums!
More from Brien Posey
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Active Directory
Microsoft Releases Out-Of-Band Patches to Fix Windows AD Authentication Issues
May 20, 2022 | Rabia Noureen
Cloud Conversations – Ståle Hansen on Digital Wellbeing and Viva Explorers
May 19, 2022 | Laurent Giret
Microsoft Rolls Out Azure AD Verifiable Credentials Service to More Customers
May 11, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group