ADM vs. ADMX

thompatry

thompatry

In Runtime
Messages
145
I work for a College Computer Tech office and I working on just trying to keep group policy simple so others can come in and read and understand what is going on. Well on top of that, we are soon getting ready to deploy Windows 7 in our operation. We do have a few testing machines out there so we can determine the bugs but otherwise, no one has seen it but our dept.

Well I was just curious if ADMX will be read OK by Windows XP or will I have to use both until we are completely off of XP?
 
the answer is no.
admx won't be read by XP or 2003.

your choice is to use both, or stick with ADM until you're completely off XP.
 
Then what happens if ADM doesn't all get read by Win 7? For examaple. We have kiosks that we want to disable Control Alt Delete for student users because we don't need these machines locked because it is a kiosk. Well XP understands the rules but Windows 7 doesnt follow what has been set. How do I go about fixing this?

Would I go with two different policies one just for XP (ADM) and one for 7 (ADMX) and put them together in the domain?
 
One last quick off the top of my head. What will 7 know what to pull down since there is two of theme there?
 
it will apply both.

they would be effectively merged, just like if you were applying two regular ADM policies or two ADMX policies.

but remember that deny takes precedence, so if you deny something in the ADM policy then allow it in the ADMX policy it'll still be denied to windows vista and windows 7 machines as they would read both policies.

if you don't like the idea of applying both, and letting the machine merge them, (perhaps because it'll increase the boot time as it will see two policies to apply, then...

you can limit the application either through the use of different OUs to keep windows 7 and XP machines separate in your AD structure.

create an OU for xp machines and apply the ADM policies just to this OU
create an OU for w7 machines and apply the ADMX policies just to this OU.

That's the way that I'd recommend,

or you could change the security settings on the policy to say that some machines have no read access to the policy, (so you let Xp machines see the ADM policy and deny access to windows 7 machines) visa versa for the ADMX policies.

that's the way I wouldn't recommend (because you'll have to create and maintain long lists of machines in the security policy, or in groups), but it is useful if you want to apply a policy to just a single machine inside an OU with lots of machines.

(you can do that per machine, or create groups of machines and put a group in the security settings).
 
You must log in or register to reply here.

Similar threads

P
I. T. Industry Boom
Replies
0
Views
736
phantom555
P
C
I’m tired of Apple’s Arrogence!
Replies
0
Views
2K
coalitionguy
C
superdave1984
Web security appliance vs DNS filtering
2
Replies
14
Views
3K
Vuesol
V
E
New reviewer member with you! best smartwatches 2021
Replies
0
Views
1K
ElazSouhail
E
P
Browser/ Slow To Load Home Page
Replies
3
Views
2K
petergroft29
P
Back
Top Bottom