7. Policies vs. Preferences
Policies are registry-based settings that can be fully managed by administrators
and Group Policy. These are also referred to as true policies.
In contrast, registry-based settings that are configured by users or
are set as a default state by the operating system at installation are
referred to as preferences.
True policies are stored under approved registry keys. These keys are not
accessible by users, so they are protected from being changed or
disabled. The four approved registry keys are shown in Table 3.
Table 3. Approved Registry Key Locations for Group Policy Settings
| Computer-Based Policy Settings | User-Based Policy Settings |
|---|---|
| HKLM\Software\Policies | HKCU\Software\Policies |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Policies | HKCU\Software\Microsoft\Windows\CurrentVersion\Policies |
Preferences are registry-based settings that are located in registry keys other than the approved registry keys listed in Table 3.
Users can typically change their preferences at any time. For example,
users can decide to set their wallpaper to a different bitmap. Most
users are familiar with setting preferences through the operating
system or application user interface.
You can create custom .adm templates that set registry values outside of
the approved registry keys. When you create these preferences, you only
ensure that a given registry key or value is set in a particular way.
These preferences are not secured as true policies are; users can
access these settings and modify them. Another issue with preferences
is that the settings persist in the registry. The only way to alter
preferences is to configure them using the .adm template or manually
update the registry.
In contrast, true
policy settings have access control list (ACL) restrictions to prevent
users from changing them, and the policy values are removed when the
GPO that set them goes out of scope (when the GPO is unlinked,
disabled, or deleted). For this reason, true policies are considered to
be policy settings that can be fully managed. By default, the GPME
shows only true policy settings that can be fully managed. To view
preferences in the GPME, you right-click the Administrative Templates
node, click View, click Filtering, and then, in the Filtering dialog
box, clear the Only Show Policy Settings That Can Be Fully Managed
check box.
True policy settings take priority over preferences, but they do not
overwrite or modify the registry keys used by the preferences. If a
policy setting is deployed that conflicts with a preference, the policy
setting takes precedence over the preference setting. If a conflicting
policy setting is removed, the original user preference setting remains
intact and configures the computer.
8. ADMX Files
ADMX files have replaced .adm templates in Windows Vista and Windows Server
2008. The purpose and result of the ADMX files are the same as those of the
.adm templates: to provide an interface within the Group Policy
Management Editor (GPME) so that registry-based settings can be
configured. From the GUI perspective, administering a GPO with ADMX files
is no different from administering one with .adm templates.
The reasons for the change of file format, structure, and architecture are
numerous. The legacy .adm templates were powerful and manageable, but
limitations and negative behavior spurred the change to the ADMX file
format. Some of the benefits of ADMX files include:
Multiple language support
Elimination of SYSVOL bloat
Utilization of a central store
More control over ADMX file versions
Centralized management of default and custom ADMX files
Warning
Because ADMX files were first introduced with Windows Vista, only two operating
systems can manage GPOs using ADMX files: Windows Vista and Windows
Server 2008. If a GPO is edited using a computer running Windows 2000,
Windows XP, or Windows Server 2003, the local .adm templates will be
copied from the computer performing the administration to the GPT for
the GPO. Therefore, if you do not want to use .adm templates and want
to keep the SYSVOL free of .adm templates, only edit GPOs using Windows
Vista or Windows Server 2008.
9. Default ADMX Files
Every installation of Windows Vista and Windows Server 2008 includes a
complete set of ADMX files. These files create the two Administrative
Template nodes under Computer Configuration and User Configuration in
the GPME. There are 132 default ADMX files for Windows Vista and 146
default ADMX files for Windows Server 2008 and Windows Vista SP1. Each
ADMX file has an associated ADML file located under one or more
language-specific folders, such as EN-US for English.
The location of the default ADMX files is %windir%\PolicyDefinitions. There
is only one default language-specific subfolder in this main folder,
which is English in most cases.
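
The following Python check is an added example, not part of the original text: it reads the policy definitions in an ADMX file and reports which ones write under the approved keys from Table 3 (true policies) and which write elsewhere (preferences that users can change and that persist in the registry). The sample ADMX content is constructed and trimmed to the attributes the check reads, and the policy names and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Approved key locations from Table 3, without the hive: an ADMX "key"
# attribute is hive-relative and "class" selects HKLM, HKCU or both.
APPROVED_PREFIXES = (
    r"software\policies",
    r"software\microsoft\windows\currentversion\policies",
)
HIVES = {"Machine": ["HKLM"], "User": ["HKCU"], "Both": ["HKLM", "HKCU"]}

def is_true_policy_key(key):
    """True if key is an approved key or a subkey of one (case-insensitive)."""
    norm = key.strip("\\").lower()
    return any(norm == p or norm.startswith(p + "\\") for p in APPROVED_PREFIXES)

def classify_admx(admx_text):
    """Return [(policy name, full registry path, 'policy' or 'preference')]."""
    results = []
    for elem in ET.fromstring(admx_text).iter():
        # Compare the tag without its XML namespace prefix.
        if elem.tag.rsplit("}", 1)[-1] != "policy" or "key" not in elem.attrib:
            continue
        key = elem.get("key").strip("\\")
        kind = "policy" if is_true_policy_key(key) else "preference"
        for hive in HIVES.get(elem.get("class"), ["?"]):
            results.append((elem.get("name"), hive + "\\" + key, kind))
    return results

# Constructed sample: one true policy, one preference, and one look-alike
# key that only shares a name prefix with an approved key.
SAMPLE_ADMX = r"""<policyDefinitions
    xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"
    revision="1.0" schemaVersion="1.0">
  <policies>
    <policy name="ExampleLockSetting" class="Machine"
            key="Software\Policies\ExampleCorp\App" valueName="Lock" />
    <policy name="ExampleWallpaper" class="User"
            key="Control Panel\Desktop" valueName="Wallpaper" />
    <policy name="ExampleLookalike" class="Both"
            key="Software\PoliciesOld\ExampleCorp" valueName="Mode" />
  </policies>
</policyDefinitions>"""

if __name__ == "__main__":
    for name, path, kind in classify_admx(SAMPLE_ADMX):
        print(f"{kind:10} {name:20} {path}")
```

The subkey comparison requires a backslash after the approved prefix, so a key such as Software\PoliciesOld is reported as a preference rather than being mistaken for a location under Software\Policies.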