Posts like this is why I find this list sooooo valuable, thanks Bob! David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Free, Bob [mailto:r...@pge.com] Sent: Wednesday, September 23, 2009 12:59 PM To: NT System Admin Issues Subject: RE: GPO question
In pre-Vista operating systems, all the default Administrative Template files are added to the ADM folder of a Group Policy object (GPO) on the domain controller's SYSVOL folder. The SYSVOL folder is automatically replicated to other domain controllers in the same domain. A policy file uses approximately 4 to 5 megabytes (MB) of hard disk space. Because each domain controller stores a distinct version of a policy, replication traffic is increased. This is referred to as SYSVOL bloat. Windows Vista/Server 2008 uses a Central Store to store Administrative Template files. Since Windows Vista, the ADM folder is not created in a GPO as in earlier versions of Windows. Therefore, domain controllers do not store or replicate redundant copies of .adm(x/l) files. To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain. A part from this replication optimisation (by not inserting ADM(X) files into a GPO), also know that all SYSVOL replication is done by DFSR (DFS-Replication) instead of FRS (File Replication Services). More about this in an upcoming blog post, so keep posted. For more information on "How to create the central store": Q929841 http://support.microsoft.com/kb/929841 and Managing Group Policy ADMX Files Step-by-Step Guide http://download.microsoft.com/download/3/b/a/3ba6d659-6e39-4cd7-b3a2-9c96482f5353/Managing%20Group%20Policy%20ADMX%20Files%20Step%20by%20Step%20Guide.doc The above was blatantly plagiarized from Kurt Roggen's blog, he's an MVP in Management Infrastructure from Belgium. http://trycatch.be/blogs/roggenk/ From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Wednesday, September 23, 2009 11:42 AM To: NT System Admin Issues Subject: RE: GPO question 6.0.0.1 - Windows 2008 (not R2) >>> Brian Desmond <br...@briandesmond.com> 9/23/2009 2:21 PM >>> Tom what version of the GPMC are you using? Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: Tom Miller [mailto:tmil...@hnncsb.org] Sent: Wednesday, September 23, 2009 1:16 PM To: NT System Admin Issues Subject: Re: GPO question Thanks, now I know. If I wanted to be able to edit the GPOs across all DCs I guess it would be okay to copy to sysvol and allow to replicate and point to that folder (or the actual replicated GPO folder)? >>> Ben Scott <mailvor...@gmail.com<mailto:mailvor...@gmail.com>> 9/23/2009 >>> 9:01 AM >>> On Wed, Sep 23, 2009 at 8:41 AM, Tom Miller <tmil...@hnncsb.org<mailto:tmil...@hnncsb.org>> wrote: > I'm adding the MS Office 2008 adm files to my Terminal Server GPO to set > some Office items. Regarding the *.adm files, I copied them to the server > I created the GPO on, but do they need to be copied to every DC so each DC > can read them? No. The ADM files simply provide the interface which appears in the "Administrative Template" section of the GPEDIT GUI. Once you've got things set in the GPO, those settings can exist without a user interface. You won't be able to view/change them without the ADM template, of course. You technically don't even need the ADM files on the DC. If you run GPEDIT on a client, you can load the ADM files into GPEDIT there. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~