Supporting Windows 7 Group Policy Settings with Windows Server 2003 Domain Controllers
Tags: active directory
Recently, I was asked the following question: “We plan to implement Windows 7 in our network very soon. We want to use Windows 2003 Domain Controllers for the next couple of years. Can we make the hundreds of new Group Policy setting available to Windows 7 Windows Server 2003 DCs?”
This is not an unusual situation. Some organizations find they need to replace their desktop computers immediately because of age or obsolescence and others wish to upgrade to Windows 7 because of its superior security and performance. But there may be no budget or desire to upgrade to Windows 2008 or 2008 R2. Luckily, it is not difficult to adapt Server 2003 to work with Windows 7.
Group Policy settings are edited through the use of ADM and ADMX template files. These files are accessed though the Group Policy Management Console (GPMC) or the Group Policy Object Editor (GPOE). As settings are configured in the editing tools a Registry.pol is created. The Registry.pol file is made available to client computers in the Group Policy Object Container on the Domain Controller. Client computers process the Registry.pol file to receive their Group Policy settings. The ADM/ADMX files are needed only by computers running the editing tools. Editing Group Policies using ADMX templates requires that the editing tools be run only on Microsoft Vista, Server 2008 or Windows 7. ADM templates can be edited on Windows XP or Server 2003. ADMX files use XML-based markup language that includes no language specific comments or descriptions. The ADMX file references sADML files in a sub-folder such as EN-US (for English) or FR (for French) that give the ADMX file appropriate language support. Multi-national organizations will only have to deploy one set of ADMX files and can add ADML files for each language spoken by its administrators.
One of the chief benefits ADMX and ADML files is that they can be made available through the use of a Central Store on the Domain Controllers. Windows Server 2003 can host a Central Store as easily as Server 2008. To create a Central Store simply create a PolicyDefinitions folder in the SYSVOL with a path of %WINDIR%\SYSVOL\domain\Policies\PolicyDefinitions. Copy the ADMX templates from a Windows 7 computer into the SYSVOL location. Window 7 keeps a copy of the ADMX and ADML files in its own PolicyDefinitions folder located in the Windows folder. Once it is placed in the Central Store, the File Replication Service on Server 2003 will replicate the PolicyDefinitions folder to all Domain Controllers in the Domain so that the templates are available for use by the editing tools. An ADMX/ADML Central Store requires much less space on the SYSVOL than ADM files and will reduce replication costs.