Group Policy – Administrative Templates
Remember that this section deals specifically with Group Policies which lock down the machine. As with all Computer Configuration Policies, Administrative Templates affect all users who log on – including the administrator.
Did you know that the newer Windows 200x Administrative policies remove the settings from the registry when the user or computer is outside the scope?
Administrative Templates for Group Policies
- Getting Started
- Importing Administrative Templates
- Conflicting Administrative Templates
- Sub Folders
To get started, launch the GPMC, or else use ADUC to edit a Group Policy. To view, add or remove the ADM files, simply right-click the Administrative Templates folder.
ADM Administrative Template files started life in NT 4.0. The idea is that Group Policy settings, which control the registry, can be imported into the GPO and so give you command of the user's environment.
- Conf.adm – Just for NetMeeting
- Inetres.adm – Internet Explorer, particularly the Maintenance Policies. Inetres doubles in size when you apply Windows Server 2003 SP1
- System.adm – Most of the Group Policies, see how big this file is
- Wmplayer.adm – Just the Media Player settings
- Wuau.adm – Controlling the update service
To begin with, no action is required: Windows Server 2003 automatically loads 5 built-in templates. Later, you can add other ADM templates, including Group Policy templates that you make yourself.
On no account rename these templates. If you do rename the above original Group Policy templates, then when you apply a service pack your policies will be deleted and replaced by the above defaults.
Be aware that there are two sets of Administrative Templates, one for Computers and another for Users. Should there be a conflict of settings, then the Computer Configuration wins. For example, if ‘Prevent Access to 16-bit applications’ is enabled in the Computer Configuration, but disabled in the User Configuration, then enabled wins because it’s in the Computer Settings. The logic is that by the time the user logs on it is too late: the Computer Configuration has already run.
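As an added illustration (not from the original page and not Microsoft tooling), this Python sketch parses a constructed ADM fragment to show how a template maps each policy to a registry key, with CLASS MACHINE landing in HKLM (Computer Configuration) and CLASS USER in HKCU (User Configuration), and lists the policies defined in both, where the Computer setting wins. The fragment, its policy names and the `managed` flag are assumptions for the example; the flag goes slightly beyond the page by marking keys under the two Policies registry trees, which are the ones Group Policy removes when the GPO is out of scope.

```python
import re
# Constructed ADM fragment for illustration; not copied from any shipped template.
SAMPLE_ADM = r'''CLASS MACHINE
CATEGORY !!ExampleCategory
  POLICY !!Block16Bit
    KEYNAME "Software\Policies\Example\AppCompat"
    VALUENAME "Block16Bit"
  END POLICY
END CATEGORY
CLASS USER
CATEGORY !!ExampleCategory
  POLICY !!Block16Bit
    KEYNAME "Software\Policies\Example\AppCompat"
    VALUENAME "Block16Bit"
  END POLICY
  POLICY !!LegacyWallpaper
    KEYNAME "Control Panel\Desktop"
    VALUENAME "Wallpaper"
  END POLICY
END CATEGORY
'''

HIVES = {"MACHINE": "HKLM", "USER": "HKCU"}
# Registry trees that Group Policy cleans up when a GPO stops applying.
POLICY_TREES = ("software\\policies\\", "software\\microsoft\\windows\\currentversion\\policies\\")

def parse_adm(text):
    """One dict per POLICY block. Simplified: ignores category-level KEYNAME and PART blocks."""
    policies, hive, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r'CLASS\s+(MACHINE|USER)$', line, re.I):
            hive = HIVES[m.group(1).upper()]
        elif m := re.match(r'POLICY\s+(\S+)', line, re.I):
            current = {"name": m.group(1).lstrip("!"), "hive": hive}
        elif current is not None and (m := re.match(r'(KEYNAME|VALUENAME)\s+"?([^"]+)"?', line, re.I)):
            current[m.group(1).lower()] = m.group(2)
        elif current and re.match(r'END\s+POLICY$', line, re.I):
            current["managed"] = current.get("keyname", "").lower().startswith(POLICY_TREES)
            policies.append(current)
            current = None
    return policies

def in_both_classes(policies):
    """Policy names defined under both Computer (HKLM) and User (HKCU)."""
    seen = {}
    for p in policies:
        seen.setdefault(p["name"], set()).add(p["hive"])
    return sorted(n for n, h in seen.items() if h == {"HKLM", "HKCU"})
```

Running `parse_adm` over your own custom ADM files before importing them shows which settings would be written outside the Policies trees and so stay in the registry after the policy no longer applies.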
- Windows Components
Pre-requisites before you create a policy:
- Access to a Windows Server 2003 domain controller. (Windows 2000 will be different)
- Group Policy Management Console (GPMC) is installed.
- Create a test OU. (Not essential, but safer than using the default domain policy)
- Right-click your policy, then edit.
- Navigate to the Computer Configuration. Next, expand the Administrative Templates then Windows Components.