Group Policy - Administrative Templates
Remember that this section deals specifically with Group Policies which
lockdown the machine. As with all Computer Configuration Policies,
Administrative Templates affect all users who logon - including the
administrator.
Did you know that the newer Windows 200x Administrative policies remove the settings
from the registry when the user or computer is outside the scope?
Administrative Templates for Group Policies
To get started, launch the GPMC, or else use ADUC to edit a Group Policy. Now to view, add or remove the ADM files, simply right click the Administrative Templates folder.
(See screen shot.)
ADM
Administrative Template files started life in NT 4.0. The idea is that Group Policy
settings, which control the registry, can be imported to the GPO and so give
you command of the users environment.
Conf.adm - Just for Netmeeting
Inetres.adm - Internet Explorer, particularly the Maintenance Polices. Inetres doubles in size when you apply Windows Server 2003 SP1
System.adm - Most of the Group Policies, see how big this file is
Wmplayer.adm - Just the Media player settings
Wuau.adm - Controlling the update Service
To begin with no action is required, Windows Server 2003 automatically
loads 5 built-in templates. Later, you can add other ADM templates,
including Group Policy templates that you make yourself.
 Troubleshooting
Group Policies is tricky
As an MCT trainer, I can thoroughly recommend TrainSignal because they
provide practical hands on training. In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material. You can either take one module, for example Group Policy or go for
a combination of modules.
See more about Group Policy training here
On no account rename these templates. If you do rename the above original Group Policy templates, then when you apply a service pack your policies will be
deleted and replaced by default the above defaults.
Be aware that there are two sets of Administrative Templates, one for
Computers and another for Users. Should there be a conflict of
settings, then the Computer Configuration wins. For example, if
'Prevent Access to 16 bit applications' is enabled in the Computer
Configuration, but disabled in the User Configuration, then enabled wins
because it's in the Computer Settings. The logic being, by the
time the user logs on, too late, the Computer Configuration has already run.
‡
Pre-requisites before you create a policy:
- Access to a Windows Server 2003 domain controller.
(Windows 2000 will be different)
- Group Policy Management Console (GPMC) is installed.
- Create a test OU. (Not essential, but safer than using the
default domain policy)
- Right click your policy, then edit.
- Navigate to the Computer Configuration. Next, expand
the Administrative Templates then Windows Components.
Next:
Windows Components |
Download my
'Master Group Policies' ebook only $6.25
