monkeydust.net

the ramblings of a crazed IT administrator

How to Create and Edit Group Policy for Vista/Windows 7 PC’s

by · Published · Updated

Ive spent the better part of the last week or so documenting our existing Group Policy and getting a test environment ready so I can develop and test a new policy for Vista and Windows 7 (well, most likely just Windows 7 as I cant see us ever touching Vista again!). One problem I’ve hit so far is there is no easy guide that explains how to get everything setup, just different guides all pointing to different files (at one point I think I was downloading 3 different versions of the same file because different Microsoft guides said to use different versions).

So, heres what you need to manage GPO’s for Windows 7:

  • Windows 7 – Even if all your Domain Controllers are Windows 2003 you can only create/edit Windows 7 GPO’s from a Windows 7/Vista/2008 R2 host. My recommendation is to use a virtual machine for this, if you dont want to buy a license yet you can use the trial version of Windows 7 for 90 days.
  • Download and install the Windows 7 Remote System Administrators Tools pack (This will only work for Windows 7, if you are using Windows Vista or 2008 to manage your GPO’s you will need to corresponding RSAT pack).
  • By default the Group Policy Management Console isnt enabled so we need to enable it in the Control Panel. Go to Control Panel -> Programs and Features -> Turn Windows features on or off -> Remote Server Administration Tools -> Feature Administration Tools -> Enable Group Policy Management Tools.
  • Now we can see all the shiny new Group Policy options that have been added for Windows 7 but we need to make it so that when we create a policy all the other computers that use it make use of the same source admx files, currently GPMC is only looking at the admx files installed locally. To change this we need to copy all our admx and adml files onto a Domain Controller (which will then sync them to all the other DC’s in your network).
  • Copy the PolicyDefinitions folder that is in the Windows folder on your Windows 7 PC to your Domain Controller’s sysvol folder, this is normally \\<domain controller>\sysvol\<your domain name>\Policies

There we go, you should now be able to use this Windows 7 PC to create and manage your Group Policy for all Vista/Win7/Win 2008 machines even if your domain controllers all run Windows 2003. Dont forget though, even though you can see these Windows 7 policies in GPMC on Windows 2003, if you edit them there you risk corrupting them and causing yourself a big headache! Only edit Windows 7 GPO’s from a computer running Windows Vista, 7, 2008 or 2008 R2!

Tags:

Nick

Im a Sys-Admin for a growing UK company working down on the sunny South Coast of England, I love all things techie, especially Exchange and Virtualisation stuff. When not tinkering I can normally be found playing online games such as Planetside 2, Dayz and Battlefield 4.