Windows 10 is an operating system that is evolving at a very fast pace and will most likely be released as a new version (part of the Current Branch) every 6 months or so. At the time of writing there are two versions released (not including Windows 10 insider releases) and they are shown below:
- Windows 10 build 10240 (1507)
- Windows 10 build 10586 (1511)
The first release of Windows 10 (RTM) was in July, 2015 and it is sometimes referred to as Windows 10 version 1507, the next release was in November, 2015 and is likewise referred to as version 1511. This versioning is based on YYMM (year/month) format.
Using newly released Windows 10 ADMX templates in Active Directory will allow you to control a lot of the new functionality within Windows 10, however before doing so you need to import those templates into AD because your current AD server infrastructure (probably running on Server 2012 R2) won’t be aware of these new GPO settings as they were released long after the product shipped.
As Windows 10 will be re-released on a regular schedule, it will add new features to the operating system and conversely new GPO templates will be required to control that functionality on a domain level. Therefore you’ll probably find yourself doing these actions a couple of times a year if you are deploying Windows 10 current branch.
To use the new GPOs you need to do the following:
- Download the new templates
- Extract the admx and adml files
- Copy them to the Group Policy Central Store
- Create new GPO’s
- Review the changes
Download the new templates
When Microsoft produces a new release of Windows 10, (for example Windows 10 1511) it also produces a downloadable template containing new GPO’s that you can install in Active Directory. To find those templates I’d suggest you use your favorite search engine to search for the following phrase:
“download Windows 10 ADMX templates”
Alternatively you can keep your eyes on the following web page where they occasionally announce the release of new templates for Windows.
In addition to the above search, you can also search for a Microsoft Excel spreadsheet which highlights the changes in GPO’s for that platform, for example search for the following phrase:
“Windows 10 ADMX spreadsheet”
Extract the admx and adml files
Once you’ve found the corresponding templates for the version of Windows 10 you want to support (for example here are the ADMX templates for Windows 10 1511) then download the MSI (or copy it) to the desktop of your source computer.
Double click on it to start the installation (extraction)
accept the EULA and then let it extract the files to the default location which is something like C:\Program Files (x86)\Microsoft Group Policy\Windows 10 Version 1511\
close the wizard when done.
Copy them to the Group Policy Central Store
Note: This process is further explained on Technet here.
Now that you’ve got the new ADML and ADMX files, you need them copied to the Group Policy Central Store. If you already have a Central Store in SYSVOL on the domain controller, skip to the copying files section below.
Creating a central store
The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
To create a Central Store for .admx and .adml files, using Windows File Explorer create a folder that is named PolicyDefinitions in the following location (for example) on the domain controller:
as shown in the screenshot below
Copying the files
Note: Before copying any new ADMX and ADML files backup any that are present in the PolicyDefinitions folder.
To copy the new files do as follows. Copy all files from the PolicyDefinitions folder that you extracted the files to on the source computer, that location was:
C:\Program Files (x86)\Microsoft Group Policy\Windows 10 Version 1511\PolicyDefinitions
to the PolicyDefinitions folder within SYSVOL on the Domain Controller that you’ve just created on the domain controller.
You can remove any language folders that you do not want to support, so if you are using only English, keep en-US only.
Create new GPO’s
Close any opened Group Policy Management Console windows, then open GPMC again and create a new policy.
In this example we will create a GPO to disable the Windows 10 consumer experience which is a new GPO available in the 1511 templates.
Right click on the New GPO and choose Edit
Next, navigate to Computer Configuration\Policies\Adm
Navigate to Computer Configuration\Policies\Administrative Templates\Windows Components\Cloud Content and then select the following setting:
- Turn off Microsoft consumer experiences
Set it to Enabled as shown below.
That’s it, any computers that are present in the OU targeted by the GPO will get the new setting and will apply the changes if appropriate.
Review the changes
On a computer that has not yet received the policy, but which is targeted by the GPO check the following setting (must be running Windows 10 1511 or later). This setting is enabled by default (and greyed out if Windows is not activated).
Next do a gpupdate /force in an administrative command prompt as shown below:
and go back to the same setting you reviewed above, notice the difference and that it states ‘some settings are managed by your organization‘ and that the suggestions are set to Off.
- Lock down Windows 10 – https://technet.microsoft.com/en-us/library/mt592641%28v=vs.85%29.aspx
- Seeing extra apps? Turn them off. – http://blogs.technet.com/b/mniehaus/archive/2015/11/23/seeing-extra-apps-turn-them-off.aspx
- How to create and manage the Central Store for Group Policy Administrative Templates in Windows – https://support.microsoft.com/en-us/kb/3087759
In this blog post you learned how to find and download the latest Windows 10 admx files, how to add them to your Group Policy Central Store and how to then deploy a GPO from the new templates.
Pingback: Adding Windows 10 admx files to the Group Policy Central Store – Microsoft Evangelist
Pingback: Windows 10 – Ajouter les nouveaux Admx – L2T
Old post I know, but I’m looking to do the same. When I go to copy my ADMX files to my central store, is there any issues with the fact that it asks if I want to over-write the files with the same name?
I plan on saving a copy of the folder so I have the original files, but I was curious if there present a problem with the fact I have a fair amount of GPOs and by replacing the ADMX with newer versions, I don’t want to break any of my existing GPOs.
no problem overwriting them, that’s the point (replace old with new).
Question, would creating a central wipe out current GPO policies?
no it should not, but test first in a lab to be sure.
Pingback: Want to learn about the new Bitlocker Management feature in Microsoft Endpoint Manager Configuration Manager ? | just another windows noob ?