I figured that was the logical reason for your question so I thought I'd pinch-hit the answer, at least in generalities. J
For Tom, I 'd recommend http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.asp x as a good entry point to grasp the specifics in his environment as there are now 3 different versions of AGPM each with its own specific considerations. As a bonus that link also leads to the new GPO reference spreadsheet updated for WS08 R2& WIN7. I've been meaning to mention here that it was out as prior versions have been rather popular. Direct link to the Group Policy Settings References for Windows and Windows Server: http://www.microsoft.com/downloads/details.aspx?FamilyID=18c90c80-8b0a-4 906-a4f5-ff24cc2030fb&displaylang=en From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Wednesday, September 23, 2009 1:33 PM To: NT System Admin Issues Subject: RE: GPO question Central store was exactly where I was going with that question. Just make sure that once you deploy the central store (and clean up all your ADM files) that you no longer use downlevel GP Editors. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, September 23, 2009 2:59 PM To: NT System Admin Issues Subject: RE: GPO question In pre-Vista operating systems, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on the domain controller's SYSVOL folder. The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 4 to 5 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased. This is referred to as SYSVOL bloat. Windows Vista/Server 2008 uses a Central Store to store Administrative Template files. Since Windows Vista, the ADM folder is not created in a GPO as in earlier versions of Windows. Therefore, domain controllers do not store or replicate redundant copies of .adm(x/l) files. To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. A part from this replication optimisation (by not inserting ADM(X) files into a GPO), also know that all SYSVOL replication is done by DFSR (DFS-Replication) instead of FRS (File Replication Services). More about this in an upcoming blog post, so keep posted. For more information on "How to create the central store": Q929841 http://support.microsoft.com/kb/929841 and Managing Group Policy ADMX Files Step-by-Step Guide http://download.microsoft.com/download/3/b/a/3ba6d659-6e39-4cd7-b3a2-9c9 6482f5353/Managing%20Group%20Policy%20ADMX%20Files%20Step%20by%20Step%20 Guide.doc The above was blatantly plagiarized from Kurt Roggen's blog, he's an MVP in Management Infrastructure from Belgium. http://trycatch.be/blogs/roggenk/ From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Wednesday, September 23, 2009 11:42 AM To: NT System Admin Issues Subject: RE: GPO question 6.0.0.1 - Windows 2008 (not R2) >>> Brian Desmond <br...@briandesmond.com> 9/23/2009 2:21 PM >>> Tom what version of the GPMC are you using? Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Wednesday, September 23, 2009 1:16 PM To: NT System Admin Issues Subject: Re: GPO question Thanks, now I know. If I wanted to be able to edit the GPOs across all DCs I guess it would be okay to copy to sysvol and allow to replicate and point to that folder (or the actual replicated GPO folder)? >>> Ben Scott <mailvor...@gmail.com> 9/23/2009 9:01 AM >>> On Wed, Sep 23, 2009 at 8:41 AM, Tom Miller <tmil...@hnncsb.org> wrote: > I'm adding the MS Office 2008 adm files to my Terminal Server GPO to set > some Office items. Regarding the *.adm files, I copied them to the server > I created the GPO on, but do they need to be copied to every DC so each DC > can read them? No. The ADM files simply provide the interface which appears in the "Administrative Template" section of the GPEDIT GUI. Once you've got things set in the GPO, those settings can exist without a user interface. You won't be able to view/change them without the ADM template, of course. You technically don't even need the ADM files on the DC. If you run GPEDIT on a client, you can load the ADM files into GPEDIT there. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
