Windows Server 2016 – Plugging in ADMX and ADML templates

How to change the time zone on Windows Server 2019

Some day you may find yourself in a position where you are following a setup guide or some article, which instructs you to configure certain options inside a GPO. However, when you go to look for those options, they do not exist. How is that possible, if the documentation clearly shows the options existing inside Group Policy? This is the magic of ADMX and ADML files. Many configurations and settings exist inside Group Policy right out of the box, but some technologies build on additional settings or fields inside GPOs that do not exist by default. When this happens, those technologies will include files that can be placed onto your Domain Controller. These files are then imported automatically by Group Policy, and the settings will then appear in the normal GPO editing tools. The trickiest part about doing this is figuring out where the ADMX and ADML files need to reside in order for them to be seen and imported by Group Policy. Let’s figure it out together.

Getting ready

I run across this one regularly when setting up DirectAccess. There is a special tool that you can install onto your Windows 7 computers that tells you some information about the DirectAccess connection, but this tool needs to be configured by a GPO. The problem is that the settings for the tool don’t exist inside Group Policy by default. So Microsoft includes in the tool’s download files an ADMX and an ADML file, both of which need to be plugged into Group Policy. We have downloaded this tool, called the DirectAccess Connectivity Assistant, and I have the ADMX and ADML files now sitting on the hard drive of my domain controller. The work we need to accomplish will be right from this DC1 domain controller.

How to do it…

In order to pull settings from an ADMX and ADML file into Group Policy, follow these steps:

  1. Copy the ADMX file into C:\Windows\PolicyDefinitions on your domain controller. In my case, the filename is DirectAccess_Connectivity_Assistant_2_0_GP.admx.
  2. Copy the ADML file into C:\Windows\PolicyDefinitions\en-US on your domain controller. In my case, the filename is DirectAccess_Connectivity_Assistant_2_0_GP.adml:
  1. Now simply open your Group Policy Management Console from inside Server Manager.
  1. Edit the GPO that you want to use with these new settings, and you can see that we have some brand new settings available to us inside here that did not exist five minutes ago! These new settings show up inside Computer Configuration | Policies | Administrative Templates:

How it works…

You can import new settings and configuration options into Group Policy by taking ADMX and ADML files and putting them into the proper folders on your domain controller server. What we walked through today is an example of how to accomplish this task on a single domain controller, but what happens if your environment has multiple domain controllers? Do you have to copy the files onto each server? No, that is not the proper way to go about it. In an environment where you have multiple domain controllers, the ADMX and ADML files instead need to go inside something called the Active Directory Central Store. Instead of copying the ADMX and ADML files into their locations on the C drive, open up File Explorer and browse to \<DOMAIN_NAME>SYSVOL<DOMAIN_NAME>PoliciesPolicyDefinitions. This Central Store location will replicate to all of your domain controllers. Simply place the files here instead of on the local hard disk, and your new settings will then be available within the Group Policy console from any of your domain controllers.

Comments are closed.