1. Installing the Group Policy Management Tools
Before Group Policy can be managed, the Group
Policy Management Tools must be installed. These tools are installed by
default on Windows Server 2012 domain controllers, but for other
systems, they must be manually installed. The following sections detail
installation steps for Windows Server 2012 and Windows 8 systems.
Installing the Group Policy Management Tools on Windows Server 2012
Before group policies can be managed from a
Windows Server 2012 system, the Group Policy Management feature must be
installed, as detailed in the following steps:
1. Log on to a designated administrative system running Windows Server 2012.
2. Open Windows PowerShell from the taskbar.
3. Type Import-Module ServerManager and press Enter.
4. Type Add-WindowsFeature GPMC and press Enter.
5. Review the installation status in the Windows PowerShell window and close the window if the install was successful.
Installing the Group Policy Management Tools on Windows 8 Client
To install Remote Server Administration Tools for Windows Server 2012 on Windows 8 Client, follow these steps:
1. Download the Remote Server Administration Tools for Windows Server 2012 for Windows 8 for x86 or x64 depending on your client OS type.
2. Double-click the downloaded file, and when you are prompted by the Windows Update Standalone Installer dialog box to install the update, click Yes.
3. On the EULA page, read and accept the license terms, and then click I Accept to continue with the installation.
4. When prompted, reboot the system to complete the installation.
After the system reboots, if you are logged
on with an account with the necessary permissions, all the Remote
Server Administration Tools will be available for remote administration
of Windows Server 2012 systems. The tools will be located within an
Administrative Tools tile on the Start menu.
Managing Group Policy with Windows PowerShell
From a Windows 8 or a Windows Server 2012
system with the Group Policy Management Tools installed, several new
Windows PowerShell cmdlets can be leveraged to manage Group Policy. To
access these Group Policy cmdlets, follow these steps:
1. Log on to a designated administrative system running Windows Server 2012.
2. Open Windows PowerShell from the taskbar.
3. In the Windows PowerShell window, type Import-Module GroupPolicy and press Enter to enable Group Policy management.
4. Now in the window, type Get-Command -Module GroupPolicy and press Enter to see a list of the 28 different Group Policy cmdlets available.
5. To get help information about a specific Group Policy cmdlet, such as Get-GPOReport, type Get-Help Get-GPOReport and press Enter.
6. To see syntax usage of a specific cmdlet, such as Get-GPOReport, type Get-Help Get-GPOReport -Examples and press Enter to see several different examples.
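As an added example (not from the original text), the following script uses two of these cmdlets, Get-GPO and Get-GPOReport, to inventory every GPO in the current domain and save an XML report for each, so that unlinked or recently modified GPOs can be reviewed. The output folder and CSV file name are assumptions.

```powershell
# Added example: inventory all GPOs in the current domain and export an XML report for each.
Import-Module GroupPolicy

$outDir = Join-Path $env:TEMP 'GpoReports'        # assumption: output location
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$inventory = foreach ($gpo in Get-GPO -All) {
    $path = Join-Path $outDir ('{0}.xml' -f $gpo.Id)
    Get-GPOReport -Guid $gpo.Id -ReportType Xml -Path $path

    # Each place the GPO is linked appears as a <LinksTo> element in the XML report.
    [xml]$report = Get-Content -Path $path -Raw
    $links = @($report.GPO.LinksTo | Where-Object { $_ })

    [pscustomobject]@{
        Name      = $gpo.DisplayName
        Id        = $gpo.Id
        Status    = $gpo.GpoStatus          # e.g. AllSettingsEnabled, AllSettingsDisabled
        Modified  = $gpo.ModificationTime
        LinkCount = $links.Count
        LinkedTo  = ($links | ForEach-Object { $_.SOMPath }) -join '; '
    }
}

# Most recently changed GPOs first; a LinkCount of 0 means the GPO applies nowhere.
$inventory | Sort-Object Modified -Descending |
    Format-Table Name, Status, Modified, LinkCount -AutoSize

$inventory | Export-Csv -Path (Join-Path $outDir 'gpo-inventory.csv') -NoTypeInformation
```

Keeping the exported reports from successive runs gives a baseline against which later GPO changes can be compared.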
2. Creating a GPO Central Store
Starting with Windows Vista and Windows
Server 2008, administrators can now manually create a folder on the
Active Directory domain controller that contains all the necessary ADMX
and ADML files. This folder is referred to as the GPO central store and
has to be created and managed manually. The GPO central store can be
created in a domain that contains at least Windows Server 2003 domain
controllers or later.
By default, with Windows Vista, Windows
Server 2008, and later OSs, when a GPO is opened for editing the system
first checks the domain controller for the existence of a GPO central
store. If the central store exists, the GPO loads the templates located
in the central store. If the central store does not exist, the local
copies of the ADMX and ADML files are loaded to view the GPO.
Note
For a central store to work properly, the
Active Directory Forest and Domain Schema must be upgraded to at least
Windows Server 2008 Schema even though the domain controller
requirement is only Windows Server 2003 with the latest service pack.
The creation of the GPO central store
provides a simple, yet effective way for administrators to manage
administrative templates from the server. To create the GPO central
store, follow these steps:
1. Log on to a designated administrative system running Windows 8 or Windows Server 2012.
2. Browse to the C:\Windows\ folder and copy the PolicyDefinitions folder to the Clipboard.
3. In a domain named companyabc.com, open the following folder: \\companyabc.com\sysvol\companyabc.com\policies.
4. Paste the PolicyDefinitions folder from the Clipboard to the folder referenced in the preceding step.
5. Close any open folder windows.
The preceding steps create the central store
and populate the store with the ADMX template files and the ADML
language files of the administrative workstation or server. If
additional language files are required, the language subfolder within
the PolicyDefinitions folder of the administrative system can be copied
into the domain’s central store now located at
\\companyabc.com\sysvol\companyabc.com\policies\PolicyDefinitions.
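The same copy can be scripted. The following added example (not from the original text) creates the central store for companyabc.com if it does not yet exist, then compares SHA-256 hashes of the local and central ADMX and ADML files to show where the two sets differ. It assumes the account running it is permitted to write to SYSVOL; the Get-TemplateHash helper is a name introduced for this example.

```powershell
# Added example: create the central store if it is missing, then report template drift.
$domain  = 'companyabc.com'                        # domain used in the steps above
$local   = Join-Path $env:SystemRoot 'PolicyDefinitions'
$central = "\\$domain\sysvol\$domain\policies\PolicyDefinitions"

if (-not (Test-Path -Path $central)) {
    # Same result as the copy-and-paste steps: the whole folder, language subfolders included.
    Copy-Item -Path $local -Destination $central -Recurse
}

# Hypothetical helper: relative path and SHA-256 hash of every template file under $Root.
function Get-TemplateHash {
    param([string]$Root)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    Get-ChildItem -Path $Root -Recurse -File -Include *.admx, *.adml | ForEach-Object {
        $stream = [System.IO.File]::OpenRead($_.FullName)
        try     { $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) }
        finally { $stream.Dispose() }
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($Root.Length).TrimStart('\')
            Hash         = $hash
        }
    }
}

# '<=' marks a file (or file version) present only locally, '=>' only in the central store.
# A file whose content differs between the two locations is listed once for each side.
$diff = Compare-Object -ReferenceObject  @(Get-TemplateHash $local) `
                       -DifferenceObject @(Get-TemplateHash $central) `
                       -Property RelativePath, Hash

$diff | Sort-Object RelativePath | Format-Table RelativePath, SideIndicator -AutoSize
```

No output from the comparison means the central store matches the administrative system's templates exactly.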
Verifying the Usage of the GPO Central Store
To verify whether the central store is actually being used, follow these steps:
1. Log on to a designated administrative system.
2. Open the Group Policy Management Console.
3. Expand the domain to expose the Group Policy Objects container and expand it.
4. Select any existing GPO that contains at least one configured setting within the Administrative Templates section of either the Computer Configuration or User Configuration node.
5. In the right pane, select the Settings tab to view the settings of the GPO, similar to the settings shown in Figure 1.
Figure 1. GPO central store verification.
Under Administrative Templates, it will state whether policy definitions (ADMX) files were retrieved from the local machine or from the central store.
6. Close the Group Policy Management Console.