I have a Windows Group Policy question for server 2022, I want to update the ADMX template for the newer features that Win11 has so I can turn off some of the junk. Everything I read says to copy all the files into my
\server\sysvol\domain.local\policies folder, but the only files I see inside that folder are the polices that I have configured and put in place on objects.
What I find by looking around is that I have “matching” file names between server and new templates in the C:\Windows\PolicyDefinitions\en-US folder on the server (dates and file sizes to differ). It seems to me that I should overwrite these files with the downloaded templates and restart GPO or reboot the computer to make it pick up the new sections of the templates.
So which one should I copy the new templates into? This day is almost over, and I have one person here working… But tomorrow, for better or for worse, I’m definitely going to overwrite the files in that Windows folder and reboot both DC to see what happens! I’m grab a snapshot through XO first (XCP-NG VMs) just to make sure I have something I can fall back on.
Do you have the central store setup?
For a video overview on creating a central store, see this video by Jeremy Moskowitz.
When you download additional admx and adml files, copy the admx file(s) to the PolicyDefinitions folder
and the adml file(s) to the language-specific folder(s) under the PolicyDefinitions folder.
The SYSVOL folder tree replicates to all DCs. On both DCs, open File Explorer and browse to
C:\Windows\SYSVOL\sysvol<DomainName>\Policies. Each DC in the domain has a copy of the
PolicyDefinitions folder.
As you add admx and adml files to one DC’s
C:\Windows\SYSVOL\sysvol<DomainName>\Policies\PolicyDefinitions folder, SYSVOL replication copies
the new file(s) to all other DCs in the domain.
Thanks, I was thinking about this too much. The replication was the part that I wasn’t thinking about and why it goes into sysvol. I just thought they would have had a task to replicate from some other place specific to GPO and after finding where these other policies were located, thought I must be doing something wrong.
Copied into the correct folder, going to wait a bit for replication and restart to see if I can configure the new Win11 stuff. Still missing a bunch of things I want to disable, but this is a good start, I have around 24 things to disable, just need to get them into user and machine objects to apply them.
[edit] Replication was faster than copying the files. Looking through a couple of policies that were marked in the spreadsheet as 23h2 only, and I’m seeing them so I think I’m done, just need to configure them. Thanks again.