- Creating the Group Policy Central Store – Updated for Windows 8.1/2012R2 and Windows 10/Server 2016
- Automating Hardware Driver Installation on Windows 7 and Above
- Get-Needle: Searching for Scripts in All the Right Places
The Group Policy Central Store has two big benefits for every Windows Administrator. First, it allow you (plus anyone else with the GPMC) to have the latest Group Policy administrative templates available. Second, creating a central store will significantly reduce the amount of storage being used on your domain controllers! In this article, we are going to create/update our Group Policy Central Store. We will make the Windows 8.1/Server 2012R2, Office 2013, and a few other ADMX files available to our entire IT department.
To get an idea of how the Group Policy Central Store works, explore your Sysvol for a second. Open an explorer window and navigate to \\DOMAINNAME\sysvol\. Open up any subfolders until you are inside the policies folder. We are now looking the GUID of every Group Policy Object (GPO) in our domain. Open up any policy and you should see a few subfolders. The most common are: ADM, Machine, and User.
By default, your ADM folder will contain five ADM files. Each client will also have a copy of these files. Every policy that you create will automatically include this ADM folder. Our domain has four domain controllers and 767 group policy objects. Each policy would have a 3.46 MB ADM folder in it. That means that our domain uses 10.4 GB of space to store ADM files! Imagine how much space is being wasted in your sysvol.
The great thing about creating the Group Policy Central Store is this will have zero impact on your client machines! Each client already has a local copy of any Administrative Template and the GPMC will simply use the Central Store to pull its available Administrative Templates.
Three Steps to Create the Group Policy Central Store
If you are just updating your Group Policy Central Store, skip to the download links below and replace any file that you are prompted to overwrite.
If you are creating your Central Store, browse back to your Policies folder within Sysvol and create a new folder named “PolicyDefinitions”.
Download the following ADMX templates to populate your Central Store. You will need the first download. The rest are optional.
- Windows 10 ADMX Templates (compatible with earlier versions of Windows – grab latest version – compatible with latest Windows Server release).
- Office 2016 ADMX Templates
- Office 2013 ADMX Templates
- Office 2010 ADMX Templates
- Office 2007 ADMX Templates
- HP Universal Print Driver ADMX Template (gets rid of that annoying Print Notification popup)
- Mozilla FireFox ADMX Templates
- Google Chrome ADMX Templates
Extract the files into your .\Policies\PolicyDefinitions Folder. The ADMX files should be put into the root of this folder. The language folder (ex: en-us) should also be in the root. All ADML files should be within the language folder.
Close any opened GPMC windows on your management machine. Open GPMC again and create a new policy. Navigate to Computer Configuration\Policies\Adm
Cleaning Up the ADM Remains
Your Group Policy Central Store is working and you are already getting the first huge benefit! Every management machine has the exact same set of ADMX files. The second benefit, mentioned above, is a much smaller SYSVOL.
To get your SYSVOL smaller, you will need to delete any ADM templates that you did not import yourself. Search your policies folder for any file with a .ADM extension. In Windows search, you can query “*.ADM” to retrieve all of the ADM files. When searching, you might also want an easy way to convert GPO GUIDs to GPO names. This PowerShell method will help.
You can safely delete the 5 built-in ADM files. They are:
You might still have some ADM files left. You will want to get rid of these as well. First, decide if you still need some of the ADM file. For example, you might have Office 2003 ADM files in SYSVOL even though you are no longer using Office 2003. In my environment, I had Office 2007 ADM files within specific GPOs plus Office 2007 ADMX files in my Central Store. Deleting the Office 2007 ADM files straightened out that problem.
If you still have ADM files that do not have an ADMX equivalent, contact the software maker first. If they are unable to provide ADMX files, you can try to convert the ADM to an ADMX format. Microsoft has released a free ADM to ADMX convertor. It can be found on the Tools page.
Preventing a Second Spill and Additional Links
I know you always use the latest GPMC. Your coworkers might not be as up to date as you (I bet they don’t subscribe to this blog either). But why is using the XP GPMC so bad?
The XP/Server 2003 GPMC isn’t Central Store aware. It will automatically upload ADM files back into an edited GPO. Because of this, it is a best practice to no longer use the GPMC on those operating systems. In a larger environment that has many Group Policy creators, it might be wise to use Software Restriction Policies or File System Security Policies to disable access to the older GPMCs.
And that is it! You’ve created a central store, loaded the latest ADMX files, and cleared out some SYSVOL bloat. The links below list a few tools that might also help.
- How to Create a Central Store: http://support.microsoft.c
- PowerShell Method to Clean Central Store: http://gallery.technet.microsoft.com/scriptcenter/Removing-ADM-files-from-b532e3b6
- Automatic Central Store Creator: http://www.gpoguy.com/Free
Tools/Free ToolsLibra ry/tabid/6 7/ agentTyp e/View/Pro pertyID/88 /Default.a spx