Computer Group Policy – Administrative Templates

Group Policy – Administrative Templates

Remember that this section deals specifically with Group Policies which lockdown the machine.  As with all Computer Configuration Policies, Administrative Templates affect all users who logon – including the administrator.

Did you know that the newer Windows 200x Administrative policies remove the settings from the registry when the user or computer is outside the scope?

Administrative Templates for Group PoliciesAdministrative Templates add remove adm files

Getting Started

To get started, launch the GPMC, or else use ADUC to edit a Group Policy.  Now to view, add or remove the ADM files, simply right-click the Administrative Templates folder.  (See screen shot.)

Importing Administrative TemplatesImporting Group Policies Adm Add Remove Templates

ADM Administrative Template files started life in NT 4.0. The idea is that Group Policy settings, which control the registry, can be imported to the GPO and so give you command of the users environment.

Conf.adm – Just for Netmeeting

Inetres.adm – Internet Explorer, particularly the Maintenance Polices.  Inetres doubles in size when you apply Windows Server 2003 SP1

System.adm – Most of the Group Policies, see how big this file is

Wmplayer.adm – Just the Media player settings

Wuau.adm – Controlling the update Service

To begin with no action is required, Windows Server 2003 automatically loads 5 built-in templates.  Later, you can add other ADM templates, including Group Policy templates that you make yourself.

Guy Recommends: Permissions Analyzer – Free Active Directory ToolFree Permissions Analyzer for Active Directory

I like thePermissions Monitor because it enables me to see quickly WHO has permissions to do WHAT.  When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users access to a resource.  Give this permissions monitor a try – it’s free!

Download Permissions Analyser – Free Active Directory Tool


On no account rename these templates.  If you do rename the above original Group Policy templates, then when you apply a service pack your policies will be deleted and replaced by default the above defaults.

Conflicting Administrative Templates

Be aware that there are two sets of Administrative Templates, one for Computers and another for Users.  Should there be a conflict of settings, then the Computer Configuration wins.  For example, if ‘Prevent Access to 16 bit applications’ is enabled in the Computer Configuration, but disabled in the User Configuration, then enabled wins because it’s in the Computer Settings.   The logic being, by the time the user logs on, too late, the Computer Configuration has already run.


Sub Folders

Pre-requisites before you create a policy:

  • Access to a Windows Server 2003 domain controller.  (Windows 2000 will be different)
  • Group Policy Management Console (GPMC) is installed.
  • Create a test OU.  (Not essential, but safer than using the default domain policy)
  • right-click your policy, then edit.
  • Navigate to the Computer Configuration.  Next, expand the Administrative Templates then Windows Components.

Group Policy ebook Windows 2003Download my ‘Master Group Policies’ ebook only $6.25

The extra features you get in your eBook include: Spreadsheet with over 850 policies.  Printer friendly version over Word A4 pages in Word.

See more Computer Group Policies

Troubleshooting Group Policies   • Software Installation   • Terminal Services Group Policy Settings

Group Policies  • Windows Components  • Windows Settings   •Computer Network Policies

Computer Printer Policies   • Computer Administrative Templates   •Computer System Policies

If you like this page then please share it with your friends