Windows 10 is an operating system that is evolving at a very fast pace and will most likely be released as a new version (part of the Current Branch) every 6 months or so. At the time of writing there are two versions released (not including Windows 10 insider releases) and they are shown below:
- Windows 10 build 10240 (1507)
- Windows 10 build 10586 (1511)
The first release of Windows 10 (RTM) was in July, 2015 and it is sometimes referred to as Windows 10 version 1507, the next release was in November, 2015 and is likewise referred to as version 1511. This versioning is based on YYMM (year/month) format.
Using newly released Windows 10 ADMX templates in Active Directory will allow you to control a lot of the new functionality within Windows 10, however before doing so you need to import those templates into AD because your current AD server infrastructure (probably running on Server 2012 R2) won’t be aware of these new GPO settings as they were released long after the product shipped.
As Windows 10 will be re-released on a regular schedule, it will add new features to the operating system and conversely new GPO templates will be required to control that functionality on a domain level. Therefore you’ll probably find yourself doing these actions a couple of times a year if you are deploying Windows 10 current branch.
To use the new GPOs you need to do the following:
- Download the new templates
- Extract the admx and adml files
- Copy them to the Group Policy Central Store
- Create new GPO’s
- Review the changes
Download the new templates
When Microsoft produces a new release of Windows 10, (for example Windows 10 1511) it also produces a downloadable template containing new GPO’s that you can install in Active Directory. To find those templates I’d suggest you use your favorite search engine to search for the following phrase:
“download Windows 10 ADMX templates”
Alternatively you can keep your eyes on the following web page where they occasionally announce the release of new templates for Windows.
In addition to the above search, you can also search for a Microsoft Excel spreadsheet which highlights the changes in GPO’s for that platform, for example search for the following phrase:
“Windows 10 ADMX spreadsheet”
Extract the admx and adml files
Once you’ve found the corresponding templates for the version of Windows 10 you want to support (for example here are the ADMX templates for Windows 10 1511) then download the MSI (or copy it) to the desktop of your source computer.
close the wizard when done.
Copy them to the Group Policy Central Store
Note: This process is further explained on Technet here.
Now that you’ve got the new ADML and ADMX files, you need them copied to the Group Policy Central Store. If you already have a Central Store in SYSVOL on the domain controller, skip to the copying files section below.
Creating a central store
The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
To create a Central Store for .admx and .adml files, using Windows File Explorer create a folder that is named PolicyDefinitions in the following location (for example) on the domain controller:
as shown in the screenshot below
Note: Before copying any new ADMX and ADML files backup any that are present in the PolicyDefinitions folder.
To copy the new files do as follows. Copy all files from the PolicyDefinitions folder that you extracted the files to on the source computer, that location was:
C:\Program Files (x86)\Microsoft Group Policy\Windows 10 Version 1511\PolicyDefinitions
Create new GPO’s
Close any opened Group Policy Management Console windows, then open GPMC again and create a new policy.
Right click on the New GPO and choose Edit
Next, navigate to Computer Configuration\Policies\Adm
Navigate to Computer Configuration\Policies\Administrative Templates\Windows Components\Cloud Content and then select the following setting:
- Turn off Microsoft consumer experiences
Set it to Enabled as shown below.
Review the changes
On a computer that has not yet received the policy, but which is targeted by the GPO check the following setting (must be running Windows 10 1511 or later). This setting is enabled by default (and greyed out if Windows is not activated).
- Lock down Windows 10 – https://technet.microsoft.com/en-us/library/mt592641%28v=vs.85%29.aspx
- Seeing extra apps? Turn them off. – http://blogs.technet.com/b/mniehaus/archive/2015/11/23/seeing-extra-apps-turn-them-off.aspx
- How to create and manage the Central Store for Group Policy Administrative Templates in Windows – https://support.microsoft.com/en-us/kb/3087759
In this blog post you learned how to find and download the latest Windows 10 admx files, how to add them to your Group Policy Central Store and how to then deploy a GPO from the new templates.