IT tutorials
 
Windows
 

: Windows Server 2008 and Windows Vista : Administrative (.adm) Templates (part 4) - Managing .adm Templates

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
3/27/2014 3:39:37 AM

6. Removing .adm Templates

Sometimes you might need to remove an .adm template from a GPO. This action removes any settings from the GPME that were created by the .adm template.

Note

If a policy was configured using the settings in the .adm template before the .adm template was removed from the GPO, the policy setting will still be active in the GPO. Policy settings are not stored in the .adm template, but in the Registry.pol file. You should modify all settings made using the .adm templates as needed before you remove the .adm templates from the GPO.


Much like our example of adding an .adm template to a GPO, we will now walk through an example of removing an .adm template. Here we will remove the Visio11.adm template from the OFFICE11 GPO:

1.
Right-click the Administrative Templates node under the Computer Configuration section of the GPO, and then click Add/Remove Templates.

2.
In the Add/Remove Templates dialog box, select the Visio11.adm template in the list of templates, and then click Remove. The template is removed from the list.

7. Managing .adm Templates

Over time, you will make changes to the custom .adm templates that you have implemented within your GPOs. Built-in controls are available that help update new versions of the .adm templates. To make this process easier, it is best to have a dedicated workstation for creating and modifying GPOs.

Controlling Updated Versions of .adm Templates

The default behavior of controlling new versions of .adm templates ensures that the latest versions of the files are located in the GPT for the GPO. The .adm templates are updated and referenced in two steps. First, the .adm template timestamp is referenced. The timestamp of the local .adm template in the %windir%\Inf folder is compared to the .adm template in the GPT. If the local .adm template is newer than the GPT version, the local .adm template is copied to the GPT, replacing the current .adm template in the GPT. Second, the Group Policy Management Editor uses the .adm template from the GPT to create the interface within the Administrative Templates nodes in the GPO.

Two GPO settings control this behavior:

  • Turn Off Automatic Updates Of ADM Files

  • Always Use Local ADM Files For Group Policy Editor

Turn Off Automatic Updates Of ADM Files

This GPO setting can be found at the following location:

User Configuration\Administrative Templates\System\Group Policy

This policy controls whether the timestamps of the two .adm templates are compared and whether the latest one is placed in the GPT. By default, the timestamp is compared and the newer .adm template is placed in the GPT.

When this policy is set to Enabled, the .adm template timestamps are not checked for newer versions, so the GPT is not updated. When this policy is set to Disabled, the .adm templates are checked, and if the .adm template from the local computer performing the administration has a newer timestamp, the .adm template stored in the GPT of the GPO is updated.

Always Use Local ADM Files For Group Policy Editor

This GPO setting can be found at the following location:

Computer Configuration\Administrative Templates\System\Group Policy

This policy controls which .adm template is used to create the interface of the GPO when edited. By default, the .adm template stored in the GPT is used.

When this policy is set to Enabled, the .adm templates from the local computer are used. The results can be undesirable if the local .adm templates are updated without your knowledge. When this policy is set to Disabled, the .adm templates from the GPT of the GPO are used. This creates a safer environment for version control and ensures that all policies can be viewed consistently from any computer.

Tips for Working with .adm Templates

Over time and with the creation of new operating systems and features, the behavior of .adm templates has changed. Here are some tips for working with .adm templates:

  • If the saved GPO contains registry settings for which there is no corresponding .adm template, these settings will not appear in the GPME. They will still be active, however, and will be applied to users or computers targeted by the GPO.

  • Because of the importance of timestamps to .adm template management, you should not edit the standard .adm templates. If a new policy setting is required, create a custom .adm template.

  • The Group Policy Management Console (GPMC) controls the .adm templates in a much different manner when it creates HTML reports, uses Group Policy Modeling, and generates Group Policy results.

  • Windows XP Professional does not support the Always Use Local ADM Files For Group Policy Editor policy setting. Therefore, if your GPO administrative computer runs Windows XP Professional, you must use the .adm templates stored in the GPT.

Operating System and Service Pack Release Issues

Each operating system or service pack release includes a superset of the .adm templates provided by earlier releases, including policy settings specific to earlier versions of the operating system. For example, the .adm templates provided with Windows Server 2003 include all policy settings for all earlier versions of Windows, including settings relevant only to Windows 2000 or Windows XP Professional. This means that merely viewing a GPO from a computer with the new release of an operating system or service pack effectively upgrades the .adm templates for that GPO. Because later releases are a superset of previous .adm templates, this typically does not create problems (as long as the .adm templates being used have not been edited).

In some situations, an operating system or service pack release includes a subset of the .adm templates that were provided with earlier releases, potentially resulting in policy settings no longer being visible to administrators when they use GPME. However, the policy settings remain active in the GPO. Any active (either Enabled or Disabled) policy settings are not visible in the GPME. Because the settings are not visible, an administrator cannot easily view or edit them. To work around this issue, you must become familiar with the .adm templates included with each operating system or service pack release before using the GPME on that operating system. You must also keep in mind that the act of viewing a GPO is enough to update the .adm templates in the GPT when the timestamp comparison determines that an update is appropriate.

To plan for such potential issues in your environment, it is recommended that you do one of the following:

  • Define a standard operating system and service pack for all viewing and editing of GPOs, making sure that the .adm templates being used include the policy settings for all platforms in your enterprise.

  • Use the Turn Off Automatic Updates Of ADM policy setting for all Group Policy administrators to make sure that .adm templates are not overwritten in the SYSVOL by any GPME session, and make sure that you are using the latest .adm templates from Microsoft.
 
Others
 
- : Windows Server 2008 and Windows Vista : Administrative (.adm) Templates (part 3) - Adding .adm Templates
- : Windows Server 2008 and Windows Vista : Administrative (.adm) Templates (part 2) - Default Installed .adm Templates
- : Windows Server 2008 and Windows Vista : Administrative (.adm) Templates (part 1) - Default .adm Templates
- Using the Windows 8 Interface : Navigating the Start Screen (part 3) - Navigating the Start Screen with a Touch Interface
- Using the Windows 8 Interface : Navigating the Start Screen (part 2) - Navigating the Start Screen with a Keyboard
- Using the Windows 8 Interface : Navigating the Start Screen (part 1) - Navigating the Start Screen with a Mouse
- Using the Windows 8 Interface : Taking a Tour of the Windows 8 Interface (part 2) - The App Bar,The Charms Menu
- Using the Windows 8 Interface : Taking a Tour of the Windows 8 Interface (part 1)
- Windows Server 2012 : Scalable and elastic web platform (part 7) - Generating Windows PowerShell scripts using IIS Configuration Editor
- Windows Server 2012 : Scalable and elastic web platform (part 6) - FTP Logon Attempt Restrictions
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us