Windows 10 aggiornamento Group Policy Administrative Templates
Per gestire tramite Group Policy i computer Windows 10 occorre aggiornare i Group Policy Administrative Templates i cui riferimenti per il download dei file .admx sono disponibili nella KB3087759 How to create and manage the Central Store for Group Policy Administrative Templates in Windows.
Sempre come indicato nella KB3087759 il metodo più pratico per gestire le Group Policy centralmente è quello di creare un Central Store nella cartella SYSVOL folder su di un Domain Controller:
To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a Windows domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location (for example) on the domain controller:
\\contoso.com\SYSVOL\contoso.com\policies
Copy all files from the PolicyDefinitions folder on a source computer to the PolicyDefinitions folder on the domain controller. The source location can be either of the following:
- The C:\Windows folder on a Windows 8.1-based or Windows 10-based client computer
- The C:\Program Files (x86)\Microsoft Group Policy\client folder if you have downloaded any of the Administrative Templates separately
The PolicyDefinitions folder on the Windows domain controller stores all .admx files and .adml files for all languages that are enabled on the client computer.
The .adml files are stored in a language-specific folder. For example, English (United States) .adml files are stored in a folder that is named “en-US”; Korean .adml files are stored in a folder that is named “ko_KR”; and so on.
If .adml files for additional languages are required, you must copy the folder that contains the .adml files for that language to the Central Store. When you have copied all .admx and .adml files, the PolicyDefinitions folder on the domain controller should contain the .admx files and one or more folders that contain language-specific .adml files.
Note When you copy the .admx and .adml files from a Windows 8.1-based or Windows 10-based computer, verify that the most recent updates to these files are installed. Also, make sure that the most recent Administrative Templates files are replicated. This advice also applies to service packs, as applicable.
Una volta creato il Central Store per i file .admx è possibile aggiornare i Group Policy Administrative Templates semplicemente copiando i nuovi file .admx sovrascrivendo gli esistenti:
“To make sure that any local updates are reflected in Sysvol, you must manually copy the updated .admx or .adml files from the PolicyDefinitions file on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.”
L’aggiornamento potrebbe comportare alcuni issue come riportato sempre nella KB3087759:
“After you copy the Windows 10 .admx templates to the SYSVOL Central Store and overwrite all existing *.admx and *.adml files, click the Policies node under Computer Configuration or User Configuration. When you do this, you may receive the following error message:
Dialog Message text
Namespace ‘Microsoft.Policies.Sensors.WindowsLocationProvider’ is already defined as the target namespace for another file in the store.
File
\\<forest.root>\SysVol\<forest.root>\Policies\PolicyDefinitions\Microsoft-Windows-Geolocation-WLPAdm.admx, line 5, column 110”
Note In the path in this message, <forest.root> represents the domain name.
Per la risoluzione dell’issue è possibile utilizzare le indicazioni contenute nella KB3077013 “‘Microsoft.Policies.Sensors.WindowsLocationProvider’ is already defined” error when you edit a policy in Windows che riporta la seguente procedura basata sul rename di un file .admx nel caso in cui il problema si sia generato in seguito all’upgrade dei Group Policy Administrative Templates:
1. Delete the LocationProviderADM.admx and LocationProviderADM.adml files from the central store.
2. Rename Microsoft-Windows-Geolocation-WLPAdm.admx as LocationProviderADM.admx.
3. Rename Microsoft-Windows-Geolocation-WLPAdm.adml as LocationProviderADM.adml.
Un secondo issue simile al primo che mi è capitato di rilevare è quello relativo al file WinStoreUI.admx:
Administrative Templates
Namespace ‘Microsoft.Policies.WindowsStore’ is already defined as the target namespace for another file in the store.
File \domain.fqdnSysVoldomain.fqdnPoliciesPolicyDefinitionsWinStoreUI.admx, line 4, column 80
Anche in questo caso l’issue si può risolvere con un rename dei file:
1. Delete the WinStoreUI.admx and WinStoreUI.adml files from the central store.
2. Rename WindowsStore.admx as WinStoreUI.admx
3. Rename WindowsStore.adml as WinStoreUI.adml
Un terzo issue che mi è successo è quello relativo al file SearchOCR.admx descritto nella KB4292332 Error “Resource $(string id=”Win7Only)’ referenced in attribute displayName could not be found” when opening gpedit.msc in Windows:
Resource $(string id=”Win7Only)’ referenced in attribute displayName could not be found
In questo caso l’issue si può risolvere sostituendo il file SearchOCR.ADMX e SearchOCR.ADML con quelli presenti negli Administrative Templates (.admx) for Windows 10 April 2018 Update (1803): o in alternativa è possibile correggere manualmente il file:
To fix this issue, download the updated ADMX package by using the following link. Then, use the updated SearchOCR.ADMX and SearchOCR.ADML files from it.
To work around this issue:
- Add the missing String to the 1803 version of SearchOCR.adml
- Copy the old Windows 10, version 1511 version of SearchOCR.admx to the system. This file was not updated after Windows 10, version 1511 until the Windows 10, version 1803 release.
To update SearchOCR.adml follow these steps:
Note this is for the United States English version. Other languages will have similar instructions.
- Locate the file in the \path\PolicyDefinitions\en-US folder
- Make a backup copy of SearchOCR.adml in case that you make a mistake editing the file
- Open the file in a text editor. (If you use notepad.exe, turn on the Status Bar on the View menu)
- Locate line 26
- Add a blank line. Line 26 should now be blank.
- On the blank line 26 paste this text:
<string id=”Win7Only”>Microsoft Windows 7 or later</string>- Save the file.