Monitoring PowerShell execution, (especially on critical servers like domain controllers), is essential for detecting potential malicious activity. PowerShell activities generate specific Event IDs in the Windows Event Log.
Solution : Logging Powershell
The following Event IDs are logged connected to PowerShell execution.
Command Line Auditing: Event ID 800 (Microsoft-Windows-Sysmon/Operational log) (if Sysmon is configured):
Logs command-line activity, including PowerShell commands.
Event ID 4102: PowerShell Transcription (Microsoft-Windows-PowerShell/Operational log):
Tracks transcription-related activities if PowerShell transcription is enabled.
Event ID 4103: PowerShell Execution Logging (Microsoft-Windows-PowerShell/Operational log):
Provides detailed script block execution logs.
Useful for tracking command-line arguments and script contents.
Event ID 4104: Script Block Logging (Microsoft-Windows-PowerShell/Operational log):
Logs the actual script blocks being executed.
Often used to detect obfuscated or suspicious commands.
Event ID 4105: Module Logging (Microsoft-Windows-PowerShell/Operational log):
Tracks modules loaded by PowerShell scripts.
Event ID 4106: Pipeline Execution Details (Microsoft-Windows-PowerShell/Operational log):
Captures pipeline execution details, providing insights into commands executed in the pipeline.
Event ID 4688: Windows PowerShell Logs (Security log):
Logs when a new process is created, including PowerShell.
Look for processes with powershell.exe or pwsh.exe.
Logging Powershell With Group Policy
Enable Script Block Logging:
For LOCAL POLICY: Open gpedit.msc. > Navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell > Turn on PowerShell Script Block Logging > Set it to Enabled. Additionally tick script block invocation start/stop events, to enable the logging of Event 4105 (start of a script block execution) and 4106 (end of a script block execution).
For DOMAIN GROP POLICY: On a domain controller or a machine that has the management tool attached > Administrative tools > Group Policy Management Console, then either edit an existing, or create a new one linked to the domain/OU that contains the COMPUTER object you want to apply this policy to, then Navigate to Navigate to: Computer Configuration > Policies > Administrative Templates > Windows Components > Windows PowerShell > Turn on PowerShell Script Block Logging > Set it to Enabled. Additionally tick script block invocation start/stop events, to enable the logging of Event 4105 (start of a script block execution) and 4106 (end of a script block execution).
Logging PowerShell (Other Options)
You may also want to enable the following policies (at either LOCAL or DOMAIN level)
Enable Module Logging
Location: Administrative Templates > Windows Components > Windows PowerShell.
Lets you log the usage of particular PowerShell Modules
Enable PowerShell Transcription
Location: Administrative Templates > Windows Components > Windows PowerShell.
This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts.
Audit Process Creation
Location: Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > Detailed Tracking > Audit Process Creation > Enable for success and failiure.
This is used to enable or disable the logging of process creation events in the Windows Security log. It provides valuable information about which processes are starting on a system, including details like the process name, command line arguments, and the user who initiated the process.
As you may already know, Microsoft will officially end support for Windows 10 on October 14, 2025. This means no more security updates, bug fixes, or feature improvements! While your PC will still function, it will be at greater risk for viruses and malware – and yes – that does mean businesses and home users alike. So it’s crucial to start planning your transition to Windows 11 now, especially with larger estates.
Below, I’ll cover the key considerations and upgrade paths to help you prepare.
Need Help? If you’re unsure about your upgrade path or compatibility, feel free to leave a comment below.
Why Upgrade to Windows 11
Windows 11 offers several improvements over Windows 10, including:
Enhanced Security: Built-in support for TPM 2.0 and Secure Boot ensures a more secure operating system.
Modern UI: A fresh design with centred taskbar icons and rounded corners.
Productivity Features: Snap layouts, virtual desktops, and better multi-monitor support.
Improved Gaming Experience: DirectStorage and AutoHDR support.
Optimised for Hybrid Work: Deeper integration with Microsoft Teams and cloud services.
As mentioned (above) with support for Windows 10 ending, you’ll also reduce your risk of vulnerabilities by upgrading.
Solution Upgrade Windows 10 to Windows 11
Key Considerations Before Upgrading to Windows 11
Hardware Compatibility
Windows 11 has stricter hardware requirements than Windows 10. Your PC must meet the following criteria:
Processor: 1 GHz or faster, 2 or more cores, 64-bit compatible.
RAM: 4 GB minimum.
Storage: 64 GB or more.
TPM: Trusted Platform Module (TPM) version 2.0.
Graphics Card: DirectX 12 compatible with a WDDM 2.0 driver.
Display: At least 720p resolution and 9″ or larger diagonal screen size.
Run the PC Health Check Tool from Microsoft to verify if your system is compatible.
Software Compatibility
Check whether your existing software and drivers are compatible with Windows 11. Vendors are gradually releasing updates, but some legacy applications may not work as expected.
Backup your Data
Before upgrading, ensure all critical data is backed up to an external drive or cloud storage. While most upgrades are seamless, it’s better to err on the side of caution.
Upgrade Timing
For businesses, avoid upgrading during peak operational periods. Test Windows 11 on a subset of systems before a full rollout.
Licensing and Cost
If you have a valid Windows 10 license, the upgrade to Windows 11 is free. However, organizations with volume licensing may need to verify their agreements.
Upgrade Paths from Windows 10 to Windows 11 Paths
Option 1: In-Place Upgrade Windows 10 to Windows 11
An in-place upgrade allows you to install Windows 11 over your existing Windows 10 installation without losing data or applications.
Steps:
Run the PC Health Check Tool to ensure compatibility.
Open Windows Update (“Settings > Update & Security”).
If your device is eligible, you’ll see the option to upgrade to Windows 11. Click “Download and Install.”
Option 2: Clean Installation Upgrade Windows 10 to Windows 11
A clean installation is a fresh start, which often results in better performance and fewer compatibility issues.
Steps:
Download the Windows 11 installation media from the Microsoft website.
Create a bootable USB drive using the Media Creation Tool.
Boot from the USB drive and follow the on-screen instructions to install Windows 11.
Restore your data and reinstall applications.
Option 3: Upgrade via IT Deployment Tools (Enterprise)
Organisations can use tools like Microsoft Endpoint Manager or Windows Autopilot to deploy Windows 11 to multiple devices seamlessly.
Steps:
Assess hardware readiness using tools like Microsoft Endpoint Configuration Manager.
Develop an upgrade strategy, including phased rollouts and testing.
Use deployment tools to push the upgrade to target systems.
Upgrade Windows 10 to Windows 11 (Post deployment Checks)
Verify Drivers and Updates: After installation, check for driver updates via Windows Update or manufacturer’s websites.
Reconfigure Software: Test all critical applications to ensure they work correctly.
Enable New Features: Familiarize yourself and your team with productivity features like Snap layouts and widgets.
Educate Users: Provide training or resources for end-users transitioning to Windows 11.
With support for Windows 10 ending soon, transitioning to Windows 11 is essential to ensure your system remains secure and up-to-date. By planning carefully and understanding the upgrade paths, you can make the process as smooth as possible. Start by assessing your hardware and software readiness, then choose the upgrade route that best fits your needs.
Related Articles, References, Credits, or External Links
Post updating Windows 11 to version 24H2, remote desktop connections to older systems i.e. running Windows 7 or Windows Server 2008 R2, encounter issues with displaying graphical content properly.
Reverting to the earlier version of Windows 11 RDP (23H2) does resolve the issue.
Connections to devices with newer operating systems remain unaffected.
Solution: RDP Issue
Note: You can simply use the RDP client from the MS Store and this should eliminate the problem,
The solution involves copying files form an older (23H2 or older) version of Windows, but first locate all the following files and RENAME them with a .OLD extension, to do this you will need to boot into safe mode, or from the recovery environment. Press and hold the Shift key while clicking Restart from the Start menu, Power menu, or the sign-in screen. Then the computer will reboot and enter the Recovery Mode.)
C:\Windows\System32\mstsc.exe
C:\Windows\System32\mstscax.dll
C:\Windows\System32\en-US\mstsc.exe.mui (en-US your locale may be different if you not using English US)
C:\Windows\System32\en-US\mstscax.dll.mui (en-US your locale may be different if you not using Engish US))
C:\Windows\SystemResources\mstsc.exe.mun
C:\Windows\SystemResources\mstscax.dll.mum
Copy those files back from a known working older system.
Related Articles, References, Credits, or External Links
Typically I see this problem on my mac or within various Linux distributions. I’ve covered extensively how to fix this on a mac in the following article.
So when I saw the same question asked for a Windows client, I went and looked, and found some patchy information, so I thought I’d work it out and post it here for you. Essentially you will see an error when attempting to SSH to a device something like one of the following.
Unable to negotiate with {IP-Or-Hostname} port 22 : no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
Unable to negotiate with {IP-Or-Hostname} port 22 : no matching host key type found. Their offer: ssh-rsa
Solution : No Matching Key
With windows the fix is similar, less secure algorithms and ciphers have been depreciated by Windows, to re-enable them* you need to edit your ssh_config file this file lives in a folder called ssh, which is in a hidden folder on the root of your C Drive called ProgramData. On most Windows machines this file wont exist, but check first to make sure (particularly if you’re on a server that may be running SSH Services).
*Note: They are depreciated for a reason, this weakens your machines security. The following procedure will GLOBALLY allow these depreciated cyphers for all SSH sessions, if you want to operate a little more securely go to the individual SSH config section.
Showing Hidden Files and Folders : No Matching Key
Assuming like me you don’t already have an ssh_config file already then you need to create one and add the connection algorithms required. Open an administrative command window (if you don’t do this you will get access denied errors going forward!) Then execute the following commands.
Note: If after you execute the first command, you get “copy : Cannot find path ‘C:\Windows\system32\nul’ because it does not exist.” don’t worry, it will still create the file.
A notepad window will open, remove any text withing it and paste in the following.
Save the notepad file then re-try your ssh command, this time it should succeed, or if it errors it will tell you which MAC, KexAlgorithms, or Key algorithm it’s missing that you can paste into the ssh_config file.
Individual Host SSH Settings
Its considered better practice to have a config for each target you will SSH to, for me that’s impractical because I have hundreds of clients and thousands of switches, routers and firewalls. (but you could add them as you go, I suppose). For this procedure you create a config file in your user profile, and in that config file you put the requirements in, on a host-by-host basis.
Firstly create the config file, open an administrative PowerShell window, and execute the following command.
[box]
New-Item -Path $HOME\.ssh\config -ItemType File
[/box]
Then to edit the config file.
[box]
C:\WINDOWS\System32\notepad.exe $HOME\.ssh\config
[/box]
A Notepad window will open with the blank config file, here’s an example of a config for two devices (my test Cisco ASA, and my test core switch).
Example.
[box]
# Config for my test firewall
Host cisco-asa
HostName 192.168.254.254
User petelong
Port 22
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
KexAlgorithms diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-rsa
[/box]
Now simply issue an ssh cisco-asa command.
Related Articles, References, Credits, or External Links
There are a number of reasons for you to test and demonstrate group policy application. Recently on Experts Exchange there was a question. where a user could not add a printer because those settings were “Controlled by their organisation’ but was pretty sure no printer GPOs were applied.
Or you may simply be setting up a new GPO and it’s not applying, or not working as you would expect.
Solution : What GPO
I’ve been doing this a long time! Back in the day you could create a new MMC console (run mmc.exe) then add the “Resultant Set Of Policy” Snap in and rung that to evaluate and model different GPO applications and results. You can still do that but now you can simply run the RSOP command from an administrative command window.
In this case it will produce a list of applied group policies for the logged in user and the machine it was ran on (if you want results for differennt users or computers you can add the RSOP snap-in to mmc, or run the modelling from a machinesthat had the group policy management console installed)
But RSOP will give you output like this, you can see what policies are being applied, and what is the name of the group policy that applying that change.
But this will produce a complete list of all GPO settings and their status (even if they are not defined (see above)). An easier way to search is to use GPRESULT and send the output of that to an HTML file that you can open in a browser.
[box]
gpresult /h C:\{Path}\GPresult.htm
[/box]
This produces an easier to read report
You can get the same report and change the input parameters for users and computers etc, by running the Group Policy Results wizard that included with the ADDSRSAT tools
Related Articles, References, Credits, or External Links
Why this has to be a ‘thing‘ in a business version of Windows I’m not really sure, but if you want to remove these adverts from the Windows Search function.
They are called ‘Search Highlights‘ or ‘Dynamic Search Box‘.
Solution: Remove Search Adverts
Option 1 Remove Search Adverts with Domain Group Policy
In a domain envronment we can simply crete a GPO and link it to the the computers you want to ‘remove’ this ‘feature’ from. On a domain controller > Administrative Tools > Group Policy Managment Console > Selct a policy that’s linked to the computers OU that the affected machines are in, or create a new policy and edit it.
Option 2 Remove Search Adverts with Local Group Policy
If your PC is in a workgroup or simply a stand alone PC you can acheive the same by using Local Policies. (Note: Not avalable with Home versions of Windows). In the start menu search for and execute gpmc.msc
Option 3 Remove Search Adverts with Local Settings
Another option, is to go to settings.
Privacy and Security > Search Permissions.
Scroll all the way to the bottom > More Settings > Show Search Highlights > Off > Then reboot the PC.
Option 4 Remove Search Adverts within The Registry
If you have a home edition of Windows then sometimes it’s easier to simply set this in the registry. Locate and execute regedit.
Navigate to.
[box]
Computer > HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > SearchSettings > IsDynamicSearchBoxEnabled
[/box]
Set to 0 (Zero) for Disabled.
Allow Search Highlights Option Missing From GPO
If you attempt to disable this but find the option missing like so.
You need to update your policy definitions for Windows 11 the updates are here and here. When you execute the updates, it will put the policy definisions in an odd place make sure you take a note of where the definisions are getting put.
Now you simply need to copy the ADMX and ADML files to the correct location on one of your domain contollers, to understand how to do that read the following article.
An in-place upgrade of a Windows Server, where you update an existing server installation to a newer version without reinstalling from scratch, can be a powerful way to bring older infrastructure up to date without the lengthy process of rebuilding a system and restoring data. The allure of this method lies in its simplicity and time efficiency; theoretically, you can go from, say, Windows Server 2016 to Windows Server 2022 with much less downtime, keeping configurations, applications, and user data intact. This can be especially appealing in scenarios where budget or time constraints make a full migration impractical, or for environments where a server holds critical roles that are complex to reconfigure from scratch.
However, while in-place upgrades have their perks, they aren’t without pitfalls. For starters, there’s always a risk of compatibility issues, especially if the server runs legacy software that might not play nicely with the new OS version. Performance problems can also arise, as remnants of old files and configurations may lead to a less than optimised system, compared to a clean installation. Additionally, any existing issues on the server, such as misconfigurations, registry bloat, or malware, can carry over to the new version, potentially causing instability. Therefore, before deciding on an in-place upgrade, it’s essential to weigh these pros and cons carefully, considering both the potential gains and risks based on your environment and long-term plans.
As I’ve previously stated, I prefer to do in place upgrades, If you have less than 50 servers and an IT support team, you may want to plan a clean install and data migration, but there comes a point where that’s simply not practical. My firm looks after more than 10 thousand Windows servers, and when a ‘wave’ of them goes outside of supportability – We either stop supporting them or offer and in-place upgrade.
Windows Server In Place Upgrade Paths
Current OS
Upgrade Path to Windows Server 2022
Upgrade Path to Windows Server 2025
Windows Server 2008
Upgrade to Windows Server 2008 R2 → Upgrade to Windows Server 2012 R2 → Upgrade to Windows Server 2019 → Upgrade to Windows Server 2022
Upgrade to Windows Server 2008 R2 → Upgrade to Windows Server 2012 R2 → Upgrade to Windows Server 2019 → Upgrade to Windows Server 2025
Windows Server 2008 R2
Upgrade to Windows Server 2012 R2 → Upgrade to Windows Server 2019 → Upgrade to Windows Server 2022
Upgrade to Windows Server 2012 R2 → Upgrade to Windows Server 2019 → Upgrade to Windows Server 2025
Windows Server 2012
Upgrade to Windows Server 2012 R2 → Upgrade to Windows Server 2019 → Upgrade to Windows Server 2022
Upgrade to Windows Server 2012 R2 → Upgrade to Windows Server 2019 → Upgrade to Windows Server 2025
Windows Server 2012 R2
Upgrade to Windows Server 2019 → Upgrade to Windows Server 2022
Upgrade to Windows Server 2019 → Upgrade to Windows Server 2025
Windows Server 2016
Direct upgrade to Windows Server 2022
Direct upgrade to Windows Server 2025
Windows Server 2019
Direct upgrade to Windows Server 2022
Direct upgrade to Windows Server 2025
Windows Server 2022
NA
Direct upgrade to Windows Server 2025
Note: Server 2025 information is not official at time of writing, information was provided my Microsoft Copilot.
Solution : In Place Upgrade
In Place Upgrade Planning and Pre Upgrade Steps
As well as making sure you have the compute and storage requirements (of the OS that you are upgrading to), make sure your hardware and/or Hypervisor supports the target OS. Then you have things to consider.
Roles And Features.
Microsoft Applications.
Third Party Applications.
Roles and Features: these are add-on components to the OS that you can enable (add) or disable (remove). Some common ones like DNS server or DHCP server, we just accept and don’t even worry about, but what about roles like certificate services? or a feature like NDES? What if the server is a domain controller? I’ll attempt to answer SOME of those questions below, but this is another reason why you should check, research, and test before upgrading
Show all Roles and Features With PowerShell
[box]
Get-WindowsFeature
[/box]
Microsoft Applications: Here I’m talking about things like Microsoft Exchange, Microsoft SQL, Microsoft Teams etc. Each one of those have their own dependancies OS requirements an upgrade paths that you may need to take into consideration. My personal preference is to migrate these applications onto new clean servers rather than in-place upgrade. I’ve done two in place upgrades of Exchange on the test bench and both of those were 100% successful, I’d be less happy doing them in production, and I’ve got a lot of articles showing you how to upgrade and migrate Exchange, I suggest you look there first!
Third Party Applications: This will vary from use case to use case, but consider your AV and security products, do they support the new OS? Does you backup and replication software support the new OS. That’s before you look at you line of business or back office applications like print management software, or the software that controls your building access for example.
Show all Installed Software With PowerShell
[box]
Get-WmiObject -Class Win32_Product
[/box]
In Place Upgrade ‘Pre-flight checks’
Most servers these days are virtualised, and time spent on reconnaissance is seldom wasted, If you are considering in place upgrading anything, I would urge you to clone those machines, sandbox them, and perform the in place upgrade in isolation, this will give you a change to do some functional (post upgrade) testing of both the server OS, its installed roles and any third pert applications.
As with all things infrastructure, you’re only as good as your last backup, before doing anything MAKE SURE you have a reliable (tested!) backup. Not just for the server you intend to upgrade but for any server that has a service or software dependency on the server you intend to upgrade.
Ensure the upgrade server is FULLY UPDATED before proceeding.
If the server is virtual, we also have the advantage, to take a snapshot prior to upgrade. (You can even clone a copy and keep it on standby) .
In Place Upgrade Process
Well it’s 95& preparation and 5% execution, the actual upgrade process is alarmingly simple. Present the installation media ISO to the source server, (or copy the files to the server and run setup.exe)
At the welcome screen > Next > At this point the system may take some down getting update’s > Enter the Windows activation code for the new server OS > Next > Select the version you want to install, remember if you want a server with a GUI interface, select the Desktop Experience option > Next.
At the EULA screen > Accept > Select “Keep files settings and apps” > Next > Install.
At this point the upgrade will take place, the server may reboot, but the upgrade process will continue.
When complete, you will be looking at a login screen, simply authenticate with the same credentials as before.
In Place Upgrade of Domain Controllers
Yes it’s possible, yes I’ve done it multiple times, if all the server is doing is performing Active Directory domain services and other common roles like DNS and DHCP, then I would not bother in place upgrading a domain controller, I’d simply build a fresh one, then decommission the old one (possibly needing to migrate FSMO roles)
But I’ve said its possible, just beware you may come across this error during the upgrade.
Active Directory on this domain controller does not contain Windows Server {version} ADPREP / FORESTPREP updates
This one is pretty much self-explanatory, and makes complete sense if you’ve spent any time deploying domains controllers! Well of course it doesn’t! Think about it if this is the first domain controller with the new OS in the domain, the schema has not been updated for that version of domain controller, which would happen if you were installing a DC from scratch. Here there’s only one server in the domain, and I’m on it. DON’T CLOSE THE UPGRADE WINDOW.
Open a administrative command window and change to the D:\Support\Adprep directory, run adprep.exe /forestprep and when prompted press C {Enter}to continue.
I prefer to also perform a adprep.exe /domainprep also, but you can progress in the upgrade without doing this, below I’m performing the command within PowerShell so I’m using ./adprep.exe /domainprep.
In Place Upgrade of Servers Running Certificate Services
Can you do this? Yes – Even if you have a multi-tier PKI deployment. see here I’ve personally done this twice (Server 2016 > Server 2022 and Server 2019 > Server 2022) and both were 100% successful. You can of course perform a traditional migration of Certificate Services to another server.
In Place Upgrade of Servers Running NPS (Network Policy Server)
I’ve done this successfully, if you wanted to migrate this role manually then simply see the following article Migrate NPS Server.
In Place Upgrade of Servers Running RDS (Remote Desktop Services)
Whilst supported be aware that if you upgrade you RDS licensing server, ensure you have CALs/Licenses (or SALS if you’re SPLA licensed) that support the new version of Windows. e.g. 2016 RDS CALs will work with Server 2019 but will not with Server 2022. If you have problems ‘post upgrade‘ delete the following folder “\windows\system32\lserver ” then relicense correctly with new CALs/SALs.
Invitation
If you’re reading this and considering an in place upgrade there may be a role or feature, or piece of software your server is running I’ve not covered. If so please bookmark this article, and return later, then post below what OS you upgraded from and to, and what Role/Feature/Software you were running. Was it a seamless procedure, or did you encounter a problem, error message, of complete failure? Please post your follow ups below to help the next person.
Related Articles, References, Credits, or External Links
This is a really strange one, when attempting to copy a file from a network location to another Windows server, I got this error.
Error 0x80070780: the file cannot be accessed by the system
Solution : Error 8×80070780
I did some searching, and got the usual annoying, run CHKDSK, reformat drives, one poster had even replaced the computer with another one! I came across one post that didn’t fix the problem but pointed me in the right direction. the SOURCE location (I was copying from) was the folder I use on one of my test servers is a DROPBOX folder, I use it so I cand download files on my MacBook, and they sync to the server for me to use on my test network. I was attempting to copy a file (in this case a license file for Veeam) to my Veeam server, by opening an Explorer window on the Veeam server, browsing to the NETWORK location on the Dropbox folder on another server.
Why is that relevant? Well, I thought if I could not copy it TO the destination by initiating the copy on the destination server, what if I went to the SOURCE server and browsed to the destination servers C drive and initiated the copy FROM the source.
Which worked perfectly. Admittedly this is a work around more than a fix, but my Veeam is licensed, I’m happy, move on.
Related Articles, References, Credits, or External Links
We have had ADMX files for group policies for ages now, they are the successor to the older ADM files. They only really trip you up if you have something unusual to do, (likeroll out LAPS, or Forefront, or Customising Office Deployments.)
In most cases you will want to have a central store in your Windows domain, so the clients can see the ADMX files, (and ultimately enforce the policies within them).
Solution: PolicyDefinitions
You probably already have ADMX files on your windows clients/servers, look in C:\Windows\PolicyDefinisions. So if you have installed any new ADMX files, they will get put in this folder on your local machine, (or domain controller).
Do you already have a central PolicyDefinitions store? It’s easy to find out, from any domain joined machine, run the following command;
If theres a PolicyDefinitions folder already there, half your work has been done for you!
Copying Files to the Central PolicyDefinitions Store
ADMX Files are usually accompanied by an ADML file, while the ADMX files live in the PolicyDefinitions folder, the ADML files are ‘location specific’, if you look in your PolicyDefinitions folder you will see another sub folder for your ‘locale’. Below you can see mine is en-US (English US) your ADML files will live in here.
IMPORTANT: As you can see, (below). I’ve navigated to the PolicyDefinitions folder ON A DOMAIN CONTROLLER, at the following path;
DON’T Try and copy the folder, (or ADMX and ADML) files to the network path of SYSVOL, or you ‘may’ get permission errors, (see error below).
You can simply copy the entire PolicyDefitions folder across if it does not already exist, or copy individual ADMX/ADML files (to the folder locations outlined above).
Now on your domain controller, Administrative tools > Group Policy Management console, create (or edit and existing policy). If you are setup correctly you should see this;
If something is wrong you will see this;
Copying PolicyDefinisions and ADMX/ADML Files: Access Denied
If this happens, you need to ensure you are NOT trying to copy folders or files to the network path of the SYSVOL folder, Open the LOCAL path to the SYSVOL folder directly on a domain controller.
Related Articles, References, Credits, or External Links