Setup up a Central ‘PolicyDefinitions’ Store (for ADMX files)

KB ID 0001339 

Problem

We have had ADMX files for group policies for ages now, they are the successor to the older ADM files. They only really trip you up if you have something unusual to do, (like roll out LAPS, or Forefront, or Customising Office Deployments.)

In most cases you will want to have a central store in your Windows domain, so the clients can see the ADMX files, (and ultimately enforce the policies within them). 

 

Solution

You probably already have ADMX files on your windows clients/servers,  look in C:\Windows\PolicyDefinisions. So if you have installed any new ADMX files, they will get put in this folder on your local machine, (or domain controller).

Do you already have a central PolicyDefinitions store? It’s easy  to find out, from any domain joined machine, run the following command;

\\{Your-Domain-Name}\SYSVOL\{Your-Domain-Name}\Policies

If theres a PolicyDefinitions folder already there, half your work has been done for you!

Copying Files to the Central PolicyDefinitions Store

ADMX Files are usually accompanied by an ADML file, while the ADMX files live in the PolicyDefinitions folder, the ADML files are ‘location specific’, if you look in your PolicyDefinitions folder you will see another sub folder for your ‘locale’. Below you can see mine is en-US (English US) your ADML files will live in here.

ADMX and ADML Files

IMPORTANT: As you can see, (below). I’ve navigated to the PolicyDefinitions folder ON A DOMAIN CONTROLLER, at the following path;

C:\Windows\SYSVOL\sysvol\{Your-Domain-Name}\Policies

DON’T Try and copy the folder, (or ADMX and ADML) files to the network path of SYSVOL, or you ‘may’ get permission errors, (see error below).

You can simply copy the entire PolicyDefitions folder across if it does not already exist, or copy individual ADMX/ADML files (to the folder locations outlined above).

Create Central PolicyDefinitions Store

Now on your domain controller, Administrative tools > Group Policy Management console, create (or edit and existing policy). If you are setup correctly you should see this;

Central PolicyDefinitions Store Setup Correctly

If something is wrong you will see this;

Local PolicyDefinitions Store

Copying PolicyDefinisions and ADMX/ADML Files: Access Denied

If this happens, you need to ensure you are NOT trying to copy folders or files to the network path of the SYSVOL folder, Open the LOCAL path to the SYSVOL folder directly on a domain controller.

PolicyDefinitions Access Denied

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

7 Comments

  1. I am getting Access Denied messages when I tried to copy Windows 10 adml and admx files. I confirmed that I am copying admx to C:\Windows\PolicyDefinitions and adml to C:\Windows\PolicyDefinitions\en-US. A few copy but most don’t, “access denied”.

    I can’t remember what I did when I set up the store a while ago. I see that a lot of the files are dated 2013. The identical file in C:\Windows\SYSVOL\sysvol\DOMAIN.ca\Policies\PolicyDefinitions are dated 2016.

    I now have ownership of the folder in c:\windows, myself with full control of that folder but still cannot copy the rest of the files over. When I try to replace all childe object permissions, “an error occurred…” “Failed to enumerate objects in the container, access denied.”

    So how am I supposed to update these policies for the latest OS versions?

    Post a Reply
  2. Finally, the right answer! Great post I know it’s old, but still worked

    Post a Reply
  3. Woo-hoo!!! I was researching this problem for a week before I found the solution here. Thanks!!

    Post a Reply
  4. Still valid to this day! thanks!

    Post a Reply
    • Helped me get M365 Admin templates available on S2016. Thank you very much.

      Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *