Create A GPO Central Store

If your shop is in a situation where you have multiple admins working on group policy from different machine’s then you are most likely aware of the problems that may occur. The Microsoft management console GPO editor by default will pull the policy definition files from the computer it is being run on. On the outside this doesn’t seem like and issue, however when you are using a mixed environment of XP, 7 and 8.1 the problems are immediately clear. You will notice that policies created for windows 8.1 cannot be edited on XP or 7 which equals a huge problem. There is a simple and elegant solution called a GPO Central Store. The GPO Central Store is located in the “SYSVOL” directory of the domain under a folder called “PolicyDefinitions” and allows all admins access to the same store regardless of the client OS. Once this folder is created, you will notice that the GPO editor now uses the definitions from the central store. A GPO Central Store can be created by copying all local GPO’s to SYSVOL folder using the commands below. We can verify that this procedure works flawlessly on standalone Samba4 domains as well as Zentyal 3.2 and above domains.

Note: These commands must be run as an Administrative user on a machine that is joined to the domain.

md %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\
md %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\en-US
xcopy %systemroot%\PolicyDefinitions\* %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\
xcopy %systemroot%\PolicyDefinitions\en-US\* %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\en-US\
Did you find this article useful? Why not share it with your friends?

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.