Windows 10 aggiornamento Group Policy Administrative Templates

Per gestire tramite Group Policy i computer Windows 10 occorre aggiornare i Group Policy Administrative Templates i cui riferimenti per il download dei file .admx sono disponibili nella KB3087759 How to create and manage the Central Store for Group Policy Administrative Templates in Windows.

Sempre come indicato nella KB3087759 il metodo più pratico per gestire le Group Policy centralmente è quello di creare un Central Store nella cartella SYSVOL folder su di un Domain Controller:

To take advantage of the benefits of .admx files, you must create a Central Store in the SYSVOL folder on a Windows domain controller. The Central Store is a file location that is checked by the Group Policy tools. The Group Policy tools use any .admx files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.

To create a Central Store for .admx and .adml files, create a folder that is named PolicyDefinitions in the following location (for example) on the domain controller:

\\contoso.com\SYSVOL\contoso.com\policies

Copy all files from the PolicyDefinitions folder on a source computer to the PolicyDefinitions folder on the domain controller. The source location can be either of the following:

  • The C:\Windows folder on a Windows 8.1-based or Windows 10-based client computer
  • The C:\Program Files (x86)\Microsoft Group Policy\client folder if you have downloaded any of the Administrative Templates separately

The PolicyDefinitions folder on the Windows domain controller stores all .admx files and .adml files for all languages that are enabled on the client computer.

The .adml files are stored in a language-specific folder. For example, English (United States) .adml files are stored in a folder that is named “en-US”; Korean .adml files are stored in a folder that is named “ko_KR”; and so on.

If .adml files for additional languages are required, you must copy the folder that contains the .adml files for that language to the Central Store. When you have copied all .admx and .adml files, the PolicyDefinitions folder on the domain controller should contain the .admx files and one or more folders that contain language-specific .adml files.

Note When you copy the .admx and .adml files from a Windows 8.1-based or Windows 10-based computer, verify that the most recent updates to these files are installed. Also, make sure that the most recent Administrative Templates files are replicated. This advice also applies to service packs, as applicable.

Una volta creato il Central Store per i file .admx è possibile aggiornare i Group Policy Administrative Templates semplicemente copiando i nuovi file .admx sovrascrivendo gli esistenti:

“To make sure that any local updates are reflected in Sysvol, you must manually copy the updated .admx or .adml files from the PolicyDefinitions file on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.”

L’aggiornamento potrebbe comportare alcuni issue come riportato sempre nella KB3087759:

“After you copy the Windows 10 .admx templates to the SYSVOL Central Store and overwrite all existing *.admx and *.adml files, click the Policies node under Computer Configuration or User Configuration. When you do this, you may receive the following error message:

Dialog Message text
Namespace ‘Microsoft.Policies.Sensors.WindowsLocationProvider’ is already defined as the target namespace for another file in the store.
File
\\<forest.root>\SysVol\<forest.root>\Policies\PolicyDefinitions\Microsoft-Windows-Geolocation-WLPAdm.admx, line 5, column 110

Note In the path in this message, <forest.root> represents the domain name.

Per la risoluzione dell’issue è possibile utilizzare le indicazioni contenute nella KB3077013 “‘Microsoft.Policies.Sensors.WindowsLocationProvider’ is already defined” error when you edit a policy in Windows che riporta la seguente procedura basata sul rename di un file .admx nel caso in cui il problema si sia generato in seguito all’upgrade dei Group Policy Administrative Templates:

1. Delete the LocationProviderADM.admx and LocationProviderADM.adml files from the central store.

2. Rename Microsoft-Windows-Geolocation-WLPAdm.admx as LocationProviderADM.admx.

3. Rename Microsoft-Windows-Geolocation-WLPAdm.adml as LocationProviderADM.adml.

Un secondo issue simile al primo che mi è capitato di rilevare è quello relativo al file WinStoreUI.admx:

Administrative Templates

Namespace ‘Microsoft.Policies.WindowsStore’ is already defined as the target namespace for another file in the store.

File \domain.fqdnSysVoldomain.fqdnPoliciesPolicyDefinitionsWinStoreUI.admx, line 4, column 80

Anche in questo caso l’issue si può risolvere con un rename dei file:

1. Delete the WinStoreUI.admx and WinStoreUI.adml files from the central store.

2. Rename WindowsStore.admx as WinStoreUI.admx

3. Rename WindowsStore.adml as WinStoreUI.adml