KB ID 0001339
Problem
We have had ADMX files for group policies for ages now, they are the successor to the older ADM files. They only really trip you up if you have something unusual to do, (like roll out LAPS, or Forefront, or Customising Office Deployments.)
In most cases you will want to have a central store in your Windows domain, so the clients can see the ADMX files, (and ultimately enforce the policies within them).
Solution
You probably already have ADMX files on your windows clients/servers, look in C:\Windows\PolicyDefinisions. So if you have installed any new ADMX files, they will get put in this folder on your local machine, (or domain controller).
Do you already have a central PolicyDefinitions store? It’s easy to find out, from any domain joined machine, run the following command;
If theres a PolicyDefinitions folder already there, half your work has been done for you!
Copying Files to the Central PolicyDefinitions Store
ADMX Files are usually accompanied by an ADML file, while the ADMX files live in the PolicyDefinitions folder, the ADML files are ‘location specific’, if you look in your PolicyDefinitions folder you will see another sub folder for your ‘locale’. Below you can see mine is en-US (English US) your ADML files will live in here.
IMPORTANT: As you can see, (below). I’ve navigated to the PolicyDefinitions folder ON A DOMAIN CONTROLLER, at the following path;
DON’T Try and copy the folder, (or ADMX and ADML) files to the network path of SYSVOL, or you ‘may’ get permission errors, (see error below).
You can simply copy the entire PolicyDefitions folder across if it does not already exist, or copy individual ADMX/ADML files (to the folder locations outlined above).
Now on your domain controller, Administrative tools > Group Policy Management console, create (or edit and existing policy). If you are setup correctly you should see this;
If something is wrong you will see this;
Copying PolicyDefinisions and ADMX/ADML Files: Access Denied
If this happens, you need to ensure you are NOT trying to copy folders or files to the network path of the SYSVOL folder, Open the LOCAL path to the SYSVOL folder directly on a domain controller.
Related Articles, References, Credits, or External Links
NA
20/11/2017
I am getting Access Denied messages when I tried to copy Windows 10 adml and admx files. I confirmed that I am copying admx to C:\Windows\PolicyDefinitions and adml to C:\Windows\PolicyDefinitions\en-US. A few copy but most don’t, “access denied”.
I can’t remember what I did when I set up the store a while ago. I see that a lot of the files are dated 2013. The identical file in C:\Windows\SYSVOL\sysvol\DOMAIN.ca\Policies\PolicyDefinitions are dated 2016.
I now have ownership of the folder in c:\windows, myself with full control of that folder but still cannot copy the rest of the files over. When I try to replace all childe object permissions, “an error occurred…” “Failed to enumerate objects in the container, access denied.”
So how am I supposed to update these policies for the latest OS versions?
21/12/2022
How did you fix this issue.
24/08/2018
Finally, the right answer! Great post I know it’s old, but still worked
07/06/2019
Woo-hoo!!! I was researching this problem for a week before I found the solution here. Thanks!!
26/11/2020
Still valid to this day! thanks!
08/07/2022
Still valid. Thank you
14/09/2022
Helped me get M365 Admin templates available on S2016. Thank you very much.