MCITP 70-640: Installing Group Policy Tools


Uploaded by itfreetraining on 20.11.2012

Transcript:
Hi - welcome to another free video from IT Free Training. In this video I will show you
how to install the tools required to effectively administrate Group Policy in your organization.
I will also look at how to centralize the ADMX tools required from Group Policy on your
network. After viewing this video, you will be able
to effectively administrator Group Policy from your client computer rather than using
a server. The client computer can be the latest operating system or running an older operating
system like Windows XP. In order to edit Group Policy you require
GPMC or Group Policy Management Console. Even if your organization does not have a single
Windows Server 2008 Domain Controller, it can still make use of the new features available
in Group Policy. For example, on a network with only Windows Server 2003 Domain Controllers,
it is possible to configure settings for Windows Server 2008 R2 member servers and Windows
7 clients. You can also use new features in Group Policy like preferences. The key to
doing this is to make sure all Group Management Tools and Configuration Files are up to date.
The install procedure is different depending on which operating system you are using. On
Windows Server 2008 the GPMC is installed as a feature. To install this feature, run
server manager and ensure that the feature Group Policy Management feature is installed.
In Windows Vista and Windows 7 GPMC it is part of the Remote Server Administration Tools,
downloadable from the Microsoft website. With Windows XP you can download the GPMC as a
standalone install from Microsoft. This will give you the ability to modify Group
Policy depending on which operating system you are running, but Group Policy also has
configuration files that define the settings used in Group Policy.
As we learnt in a previous video from this series, one of the new features added with
Windows Server 2008 is the ability to use an ADMX file with Group Policy. An ADMX file
replaces the old ADM file format used to define the Administrative Templates part of Group
Policy. It is XML based format making it easier to work with. Being an XML file means that
a user can add their own ADMX files to Group Policy. This was possible with ADM but was
not as easy. If you start creating your own ADMX files
you may want to look at centralizing the ADMX files. Doing this will mean multiple administrators
will be able to use the same copy of ADMX files, ensuring that only the most up to date
copy of the ADMX files is ever used. Even if you do not create any custom ADMX files,
centralizing the ADMX files will make it easier to provide updates. For example, if new ADMX
files were to be released for Windows 8, it would be a simple matter of updating the ADMX
in the central store and all the administrators on the network will have access to the new
ADMX files. Lastly ADMX files support multiple languages.
Making the ADMX template centralized makes it easier to add additional languages when
required. The ADMX files are installed by default in
C:\Windows\PolicyDefinitions. These are installed when GPMC is installed.
To centralize the ADMX files, it is a simple matter of copying these files to the SysVol
share. GPMC will automatically check this location for ADMX files. You can copy the
files from the C drive, but to get the latest ADMX files it is worth while downloading these
from the Microsoft website. I will now change to my Windows 7 computer
to look at how to install the GPMC and centralize the ADMX files with the latest files from
the Microsoft website. First of all I need to download the Remote
Server Administration Tools from the Microsoft website. You will find the hyperlink in the
description of this video. It can also be found easy enough by using a search engine.
Once I have found the website, all I need to do is select the download option.
Once the download is complete, run the setup program. The GPMC is only one of the tools
installed with Remote Server Administration Tools, but in this example it will be the
only that is being used. The install is quite simple; accept the license
at the license screen and finish the install wizard. The install takes a few minutes to
complete but I have speed up the process. Once the install is finished, a help-screen
will appear to tell you how to enable the tools you require. The process involves opening
the control panel, selecting program and then selecting the option, “Turn Windows features
on or off.” All the administration tools are found under
Remote Server Administration Tools. The GPMC is found under, “Feature Administration
Tools.” All that needs to be selected is the option, “Group Policy Management Tools.”
Now that the Group Policy Management tools have been installed, I can run Group Policy
Management from under administrative tools under the start menu. Next I will expand down
to one of the Domain Group Polices and edit it.
Since Group Policy Management has just been installed, a warning will appear telling me
that I have selected a link and thus the Group Policy Object will be edited instead. It is
safe to acknowledge this message and edit the Group Policy. If you are unsure of how
the links work in Group Policy, in the next video links in Group Policy will be covered
in more detail. Notice that when I scroll over the Administrative
Templates it informs us that Policy definitions are being retrieved from the local machine.
To make management of the ADMX files easier, I will move these into a central store.
First of all I want to make sure that I have the latest ADMX files, so I will open internet
explorer and perform a search for the ADMX templates. The link for this download can
be found in the description for this video. Once the file has been downloaded from the
Microsoft website, I will run it from the desktop. The install is a simple process,
bypass the welcome, accept the license, choose default install path and then simply next
your way to the end. If I open Windows Explorer and navigate to
the Windows drive, under the directory, PolicyDefinitions, is the current ADMX file that is being used
by the group Policy Management Console. Notice that all ADMX files and the language
directory at the top of screen. In the language folder you can see all the ADML files.
You could use these files for the central store, but these may not be the most up to
date and do not contain extra languages. I will instead navigate to the Program Files
Directory, Microsoft Group Policy and down through the directories. You will notice that
a large number of language directories will appear. Below these are the ADMX files.
To copy these to the central store, copy the directory PolicyDefinitions. Next you need
to open the SysVol folder. The SysVol folder is located on each Domain Controller, if you
do not know the name of a Domain Controller you can always enter in double backslash followed
by the domain name, backslash followed by SysVol.
In the SysVol folder is a shortcut to the domain. Once opened there is two directories,
one for Polices and anther one for scripts. Under the Policies Directory is a folder for
each of the Group Polices that have been created in the domain.
The next step is to create the central store. Copy the PolicyDefinition directory to this
location. I have copied all the language folders in this case; however you should remove the
ones that you do not need in order to make the SysVol folder smaller.
If I open one of the folders that store Group Polices, notice there are three directories.
The first folder is ADM. This folder stores the old ADM files before ADMX was developed.
For each Group Policy that was created a separate ADM files are copied to this location. You
can see why ADMX files are more efficient because all Group Policies share the same
set of ADMX files. The Machine folder contains the Group Policy
settings for the computer side of Group Policy. The folder “User” contains the Group Policy
settings for the user side of Group Policy. If I close out of here and go back to Group
Policy Management, notice the differences when I edit one of the Group Polices. This
time, when I expand down to Administrative Templates, notice that the ADMX files are
now being retrieved from a Central Store rather than using the ADMX files on the Local Computer.
Notice as well, the folder Classic Administrative Templates (ADM). I have added an ADM file
to this Group Policy so that it will now be visible. This is how the Group Policy Management
Console allows you to use the old ADM files or the new ADMX files. Whenever possible you
should use the newer ADMX files, but if you have Group Policy that uses the older ADM
files you are still able to edit and reuse these.
This video has looked at how to install the GPMC and how to store ADMX files in a Central
Store. Assuming that Microsoft releases ADMX files for Windows 8 and Windows Server 2012;
you will be able to use the same process to add these templates to the Central Store making
Windows 8 and Windows Server 2012 Group Policy settings available to you in the domain.
Thanks for watching anther free video from IT Free Training. All our videos are free
to watch on Youtube anytime. See you next.