A few weeks ago I posted a blog entry about the new Group Policy in Windows Vista (W2K3 R2 server/Longhorn) and how it uses ADMX files instead of ADM files. http://kenzig.blogspot.com/2006/11/article-getting-ready-for-vista-group.html
In reading I was complaing that there was no tool to edit or create ADM files and MS had no plans to create one. Guess the article and I was wrong as Microsoft just released the ADMX file convertsion tool per my announment below.. (note to self.. never say never)
Microsoft has recently released a tool to convert your current ADM file into an ADMX file for use on Vista Group Policy. It also includes an editor for ADMX Files:
From http://www.microsoft.com/downloads/details.aspx?FamilyID=0f1eec3d-10c4-4b5f-9625-97c2f731090c&DisplayLang=en
The ADMX Migrator enables you to convert ADM files to the ADMX format and take advantage of the additional capabilities that it provides. The new XML-based format includes multilanguage support, an optional centralized datastore, and version control capabilities. You can select multiple ADM files for conversion. The ADMX Migrator creates a unique namespace which you can rename and will display a warning if a collision is detected due to duplicate names. Also, any items that cannot be validated against the ADMX schema are preserved in an Unsupported section. Please note that any annotations in ADM files are removed during the conversion process.Additionally, the ADMX Migrator provides an ADMX editor with a graphical user interface for creating and editing Administrative Templates. You can select settings from menus rather than entering them manually in a text file, speeding template creation and reducing the chance for error.
Get the file from the above link.
Also Microsoft last week released the final version of a list of all of the group policies that will be available for VISTA at:
http://www.microsoft.com/downloads/details.aspx?FamilyID=41dc179b-3328-4350-ade1-c0d9289f09ef&DisplayLang=en
Genius is Overrated! The ethereal blog of Jim Kenzig.
Wednesday, November 29, 2006
Tuesday, November 21, 2006
Link Pick: FIRE! Want to see what happens when a laptop battery explodes?
Check out this safety video over at PCPitstop showing a demonstration about what happens when a laptop battery explodes. At one point flames shoot up to over 6 feet!
http://www.pcpitstop.com/pcsafety/video.asp
Would you be prepared to put this type of fire out at your organization?
Never Fear! Computer reseller news just posted this story about 6 laptops that don't burn! Check it out at:
http://www.crn.com/sections/coverstory/coverstory.jhtml?articleId=194400947
http://www.pcpitstop.com/pcsafety/video.asp
Would you be prepared to put this type of fire out at your organization?
Never Fear! Computer reseller news just posted this story about 6 laptops that don't burn! Check it out at:
http://www.crn.com/sections/coverstory/coverstory.jhtml?articleId=194400947
Friday, November 17, 2006
Download Pick: Spike Explore
Citrix recently released a new utility to their KB called Spike Explorer. Sounds like a very good tool to add to your toolkit!
http://support.citrix.com/kb/entry.jspa?entryID=11689
--
Jim Kenzig
Microsoft MVP - Terminal Services
http://www.thinhelp.com
Citrix Technology Professional
Provision Networks VIP
CEO The Kenzig Group
http://www.kenzig.com
Blog: http://www.techblink.com
SpikeExplore extends the functionality of QSlice.exe—it captures the spiking thread details and user dumps of spiking processes. Spiking thread details are saved to Microsoft Word .doc files.
SpikeExplore Features:
- It has a user-friendly GUI.
- It supports three types of dump creation options using the File menu (multiple select is possible):
- It creates user dumps of selected processes.
- It creates Word documents with the user dumps of selected spiking processes along with thread details.
- It creates Word documents with the user dumps of all spiking processes along with spiking thread details. It currently dumps all processes that consume more than 10 percent of the CPU.
- It supports a pop-up File menu to create user dumps and spiking thread details.
- It provides toolbar buttons for the three dumping menu items listed above for the File menu (refer to the second bullet above).
- It is supported on x86 systems, 32-bit Windows XP, Windows Server 2003 and Windows 2000 Server.
- It updates the CPU usage of the machine and individual processes every second.
Note: CPU usage for this tool is around 0 to 1 percent. - By default it uses NTSD.exe as the default debugger to create user dumps. It also provides the option to change the default debugger to other known debuggers (for example, windbg.exe or userdump.exe).
http://support.citrix.com/kb/entry.jspa?entryID=11689
--
Jim Kenzig
Microsoft MVP - Terminal Services
http://www.thinhelp.com
Citrix Technology Professional
Provision Networks VIP
CEO The Kenzig Group
http://www.kenzig.com
Blog: http://www.techblink.com
Wednesday, November 15, 2006
Listing of Microsoft related Blogs
Here is a listing I was supplied from my MVP lead of Microsot related Blogs that I thought would be great to
pass along to you all!
ADFS | |
Exchange Server | |
Identity & Access | |
Vista | |
Active Directory | |
Active Directory | |
User Account Control | |
Security | |
User Account Control | |
Terminal Services | |
Windows Internals | |
Windows Server | |
Security | |
Security | |
Security | |
Longhorn Server Core | |
Bitlocker | |
Longhorn/Vista | |
Technet | |
Active Directory | |
Group Policy | |
Network Monitor | |
Authentication | |
Vista | |
Vista Performance | |
Active Directory | |
Cryptography | |
Sysinternals tools | |
Security | |
Event Log | |
Security | |
Bitlocker | |
Active Directory | |
Exchange |
Download Pick: Windows Powershell
Microsoft at TechEd 2006 announced the general availability of Windows Powershell. A powerful scripting language.
SEE:
http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx
Here is a quote from Bill Laing:
Windows PowerShell is a new command-line shell and scripting language that helps IT professionals achieve greater productivity, more easily control system administration and accelerate automation, and does not require a background in programming. Another major benefit to customers is that it works with existing scripts such as VBScript and Perl, and IT infrastructures including Windows XP, Windows Vista, Windows Server 2003 and future operating-system versions – including Windows Server "Longhorn" – thereby offering long-term investment protection to customers.
SEE:
http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx
Here is a quote from Bill Laing:
Windows PowerShell is a new command-line shell and scripting language that helps IT professionals achieve greater productivity, more easily control system administration and accelerate automation, and does not require a background in programming. Another major benefit to customers is that it works with existing scripts such as VBScript and Perl, and IT infrastructures including Windows XP, Windows Vista, Windows Server 2003 and future operating-system versions – including Windows Server "Longhorn" – thereby offering long-term investment protection to customers.
A number of other Microsoft products work with Windows PowerShell to improve efficiency and productivity, including Exchange Server 2007, System Center Operations Manager 2007, System Center Data Protection Manager V2 and System Center Virtual Machine Manager. We are also seeing partners adopting Windows PowerShell including FullArmor, /n Software, PowerGadgets and Quest Software.
We've heard positive feedback from customers so far, and we're pleased to have a customer – MySpace – attending IT Forum this year to share their experience. Allen Hurff, vice president of engineering at MySpace, has said that the benefit of adopting Windows PowerShell is that ad-hoc tasks that used to take the company upwards of 10 minutes can now run in five seconds or less, all the while providing better reporting, greatly-increased accuracy and much less manual labor.
Windows PowerShell can be downloaded today at www.microsoft.com/powershell/download.
Microsoft also announced the release candidate for Windows 2003 Service Pack 2 at the show.Wednesday, November 08, 2006
On Citrix Wanscaler and WAAS and Wah Wah Wah.
I posted this blog entry on September 27th prior to attending Citrix iForum. I thought I would pop it back up to the top of my blog because the Wanscaler, in my opinion was one of the most exciting new things to come out of iForum . Mark Templeton even highlighted and live demo'd the device in his keynote showing the speed of copying folders across a wide area. (actually a continent away from Australia even!) The speed difference was staggering with and without! I handed every person within Citrix who had anything to do with wanscaler my business card begging to get a demo of the device for our Library system. Still no joy as of this writing, Ive not been contacted by anyone yet. :{ (*I am starting to think it was all smoke and mirrors Mark. Other than the one in the iForum Materials we have yet to see an actual picture of the device. LOL) Cmon guys I've been begging to get ahold of one for over a month and a half now....
Careful Citrix, I now hear rumors that Cisco is releasing a card to go along with their WAAS version of this technology that will plug right into their routers in January instead of putting an inline device in place. Sounds pretty compelling and as you can see from above..they do have a picture of the device. Seeing is believing. : )
Below is the original posting from Sept. 27.
Citrix's recent acquisition of OrbitalData, chronicaled and announced at:
http://www.citrix.com/english/ne/clp/article.asp?contentID=37272
creates a sense of excitement for me. This device is beyond the scope of what Citrix has been doing in the appliance world. Now everything they do is about "application delivery". I attended a seminar on the device at the Microsoft offices here in Cleveland yesterday and the one thing that stuck in my mind is the device optimizes CIFS. CIFS or common interchange file system, is Microsofts shot at improving SMB. (See wikipedia http://en.wikipedia.org/wiki/Cifs)
Let me tell you why I think this is cool technology and how it can save your organization some money. The WanScaler is a synchronous solution in that you need a box at your data center and at each of your remote branches that you want to use it at.
We have come up with all of these cool ways to try and speed up delivery of mandatory profiles but this box could potentially be the end all be all to resolve the issues once and for all. You see CIFS are file traffic on a windows network. And Windows networks are extremely chatty. What if you could in effect copy the profile or data only once down to a box like this and all subsequent requests were delivered locally at the site instead of across the Wan?
The box has some intelligence built into it that stores the files, and will only download changes on subsequent requests. In a thin client environment this could reap some benefits if you are using a roaming mandatory profile for the clients to log into the network in order to authenticate and run the citrix client. In a standard windows environment that uses mandatory profiles where masses of people come in the morning at the same time and logon at the same time, this could dramatically improve the speed of logins. Anyways that is where I saw a benefit for us because all of workstations login with the same user name and get a dumb desktop that has a browser and Citrix client. Pipes get flooded in the morning and again in the afternoon when second shift starts logging on. Simply caching the profile at the remote site could free up a lot of bandwidth for us.
They mention CIFS but aren't selling the device saying it will speed up logins. At least not yet. The box claims to be transparent...they are not kidding! I have yet to actually see a picture of the Citrix version of it. I am hoping at iForum. It also was claimed you can get OC3 performance from your DS3! I was promised an onsite demo at the seminar I attended. Mark Templeton if you are listening I want the first one out of the box! (after all we were the first customer on CPS 4, implementing it the day it was released) WAH.
That being said I would be remiss if I did not point out that Cisco just released a similar product (or at least news releases about a similar product..seems also that this one is also transparent when trying to find an actual picture) called WAAS. Which stands for Wide area application services. Apparently these are cards that you can plug right in to the Cisco routers that do the same thing. So I guess I have to eat my words of a few weeks ago where I said that Citrix is hardly a competitor to Cisco. The two companies now have a competitive technological device. However l think that the Citrix box may be a hard sell in an all Cisco shop though. Plugging a card into an existing router or switch is a whole lot easier than trying to find more rack space at the head end and branches.
Either way it is a win win for us consumers and the Baby Bells better take note of this technology and embrace it as part of their package. It makes a whole lot of sense to buy a couple of devices to increase bandwidth instead of purchasing additional bandwidth with reoccuring fees.
Now if we could just get past that transparent issue and I could get my hands on them.... WAH : )
http://www.citrix.com/english/ne/clp/article.asp?contentID=37272
creates a sense of excitement for me. This device is beyond the scope of what Citrix has been doing in the appliance world. Now everything they do is about "application delivery". I attended a seminar on the device at the Microsoft offices here in Cleveland yesterday and the one thing that stuck in my mind is the device optimizes CIFS. CIFS or common interchange file system, is Microsofts shot at improving SMB. (See wikipedia http://en.wikipedia.org/wiki/Cifs)
Let me tell you why I think this is cool technology and how it can save your organization some money. The WanScaler is a synchronous solution in that you need a box at your data center and at each of your remote branches that you want to use it at.
We have come up with all of these cool ways to try and speed up delivery of mandatory profiles but this box could potentially be the end all be all to resolve the issues once and for all. You see CIFS are file traffic on a windows network. And Windows networks are extremely chatty. What if you could in effect copy the profile or data only once down to a box like this and all subsequent requests were delivered locally at the site instead of across the Wan?
The box has some intelligence built into it that stores the files, and will only download changes on subsequent requests. In a thin client environment this could reap some benefits if you are using a roaming mandatory profile for the clients to log into the network in order to authenticate and run the citrix client. In a standard windows environment that uses mandatory profiles where masses of people come in the morning at the same time and logon at the same time, this could dramatically improve the speed of logins. Anyways that is where I saw a benefit for us because all of workstations login with the same user name and get a dumb desktop that has a browser and Citrix client. Pipes get flooded in the morning and again in the afternoon when second shift starts logging on. Simply caching the profile at the remote site could free up a lot of bandwidth for us.
They mention CIFS but aren't selling the device saying it will speed up logins. At least not yet. The box claims to be transparent...they are not kidding! I have yet to actually see a picture of the Citrix version of it. I am hoping at iForum. It also was claimed you can get OC3 performance from your DS3! I was promised an onsite demo at the seminar I attended. Mark Templeton if you are listening I want the first one out of the box! (after all we were the first customer on CPS 4, implementing it the day it was released) WAH.
That being said I would be remiss if I did not point out that Cisco just released a similar product (or at least news releases about a similar product..seems also that this one is also transparent when trying to find an actual picture) called WAAS. Which stands for Wide area application services. Apparently these are cards that you can plug right in to the Cisco routers that do the same thing. So I guess I have to eat my words of a few weeks ago where I said that Citrix is hardly a competitor to Cisco. The two companies now have a competitive technological device. However l think that the Citrix box may be a hard sell in an all Cisco shop though. Plugging a card into an existing router or switch is a whole lot easier than trying to find more rack space at the head end and branches.
Either way it is a win win for us consumers and the Baby Bells better take note of this technology and embrace it as part of their package. It makes a whole lot of sense to buy a couple of devices to increase bandwidth instead of purchasing additional bandwidth with reoccuring fees.
Now if we could just get past that transparent issue and I could get my hands on them.... WAH : )
Microsoft Launches "Sysinternals" page
The integration of Microsofts acquistion of Sysinternals has taken place (sorta) and they have launched a "Microsoft Sysinternals" page on the Microsoft site making all of the utilities available. Note that the download still seem to come from download.sysinternals.com and the couple of utilities at least that I dowloaded did not have the Eula updated to Microsofts, so it is basically the same stuff only the file dates have changed to protect the innocent.
See:
http://www.microsoft.com/technet/sysinternals/default.mspx
In an interesting twist the below link was posted to the Thin list
http://www.microsoft.com/technet/sysinternals/Miscellaneous/BlueScreen.mspx
It would appear that Microsoft still has a sense of humor and put out Russinovich's famed fake blue screen
screen saver that has been around for going on 10 years. Who could forget the "Amaze your friends. Scare your enemies" tag. :)
Also of interest is the new Process Monitor utility that combines the power of Filemon and Regmon into one utility
Download Pick: Windows Vista Application Compatibility ToolKit
Picked this up off the team Vista blog...The Application Compatibility Toolkit for Vista is now available:
http://windowsvistablog.com/blogs/windowsvista/archive/2006/11/08/application-compatibility-toolkit-5-0-rc-for-download.aspx
This past weekend the application compatibility team passed a major milestone as they posted the release candidate of the Application Compatibility Toolkit (ACT) 5.0 on the web for download. ACT 5.0 RC is an all in one tool to help IT pros collect, analyze and share application compatibility information. I think that the cool thing about ACT is that it is based on requirements from our IT Pros and is intended to make their lives easier. It helps scope the work that needs to be done in an enterprise, to ensure they are strategically investing their time. By providing a single place that shows Microsoft's test results, alongside reports from the ISVs and other IT Pros, ACT 5.0 makes it simple to find the areas that need focus within the enterprise. ACT 5.0 RC also has compatibility evaluators to detect the common application compatibility issues that LOB and other applications might have on Windows Vista.
If you are an IT Pro responsible for deployment, you should go to the connect website and download the ACT product guide and the new toolkit. http://connect.microsoft.com/site/sitehome.aspx?SiteID=81.
If you are an IT Pro responsible for deployment, you should go to the connect website and download the ACT product guide and the new toolkit. http://connect.microsoft.com/site/sitehome.aspx?SiteID=81.
Monday, November 06, 2006
UPDATED: What are you getting for SA subscription this year? Not much if you are not running CPS 4.
UPDATE 11/6/06
Brian Madden has posted a story as a result of this article at
Here is what Citrix Says you got this year:
x64 Presentation Server 4.0
Web Interface for Active Directory Federation Services (ADFS)
Web Interface 4.2
Web Interface for SharePoint (WISP)
Management Pack for MOM 2005
Resource Manager Semantic tool
(Just announced) Desktop Broker for Presentation Server (for VDI)
Web Interface for Active Directory Federation Services (ADFS)
Web Interface 4.2
Web Interface for SharePoint (WISP)
Management Pack for MOM 2005
Resource Manager Semantic tool
(Just announced) Desktop Broker for Presentation Server (for VDI)
My response to this is:
A lot of people do not run Sharepoint, MOM, or Virtual Servers, X64 or RM unless they are on Enterprise for
that matter so these "extras" offer no benefits. The 4.2 Web Interface is a minimal and Security Update, in My opinion.
I believe that if I am paying for "yearly" updates to products I purchased, a release of an additional
I believe that if I am paying for "yearly" updates to products I purchased, a release of an additional
new add on that I may or may not be able use does not justify the expense. Give me an update to
the product I own. Security updates are expected and should not be considered a premium service.
I don't think I am alone in feeling this way.
Jim
========================================================
Original Article:
Well Mark Templeton announce the new MyCitrix.com and with it the bone that you get for all the money
you have paid to have Subscription advantage this year. At 10 AM EST yesterday the Citrix Broker for Presentation 4 was added to your Mycitrix.com account.
Issue...try and find it... the prominent DOWNLOADS pick that used to be in the middle of the page is now up at the top of the page (hidden in my opinion) in some of the smallest font on the page. It is the same download choice that you would think to click on if you wanted to go out and get the Citrix clients. You would think downloads would be found in the nifty MY TOOLS drop down..sorry.. not there.
Anyways if you aren't yet running CPS 4 and don't plan on going there, you get squat.
I don't see any other software or give me's coming anytime soon from anything I have heard. This is very disheartening. Our company spends a lot of money for SA and I am at the point where I am going to start preaching to people to save their money if Citrix doesn't throw us a bone.
Here is my suggestion... I think Citrix should give every customer with a current SA subscription a FREE 1 year license to GoToAssist.
Would that be asking so much? Would you feel you got something for all your dollars then or should they do something else?
I'd like to hear your thoughts. I'll certainly pass them along while I am here in Orlando.
Here is the info on the Citrix Broker:
Desktop Broker for Presentation Server 4.0
Release Date: 10/20/2006
Well Mark Templeton announce the new MyCitrix.com and with it the bone that you get for all the money
you have paid to have Subscription advantage this year. At 10 AM EST yesterday the Citrix Broker for Presentation 4 was added to your Mycitrix.com account.
Issue...try and find it... the prominent DOWNLOADS pick that used to be in the middle of the page is now up at the top of the page (hidden in my opinion) in some of the smallest font on the page. It is the same download choice that you would think to click on if you wanted to go out and get the Citrix clients. You would think downloads would be found in the nifty MY TOOLS drop down..sorry.. not there.
Anyways if you aren't yet running CPS 4 and don't plan on going there, you get squat.
I don't see any other software or give me's coming anytime soon from anything I have heard. This is very disheartening. Our company spends a lot of money for SA and I am at the point where I am going to start preaching to people to save their money if Citrix doesn't throw us a bone.
Here is my suggestion... I think Citrix should give every customer with a current SA subscription a FREE 1 year license to GoToAssist.
Would that be asking so much? Would you feel you got something for all your dollars then or should they do something else?
I'd like to hear your thoughts. I'll certainly pass them along while I am here in Orlando.
Here is the info on the Citrix Broker:
Desktop Broker for Presentation Server 4.0
Release Date: 10/20/2006
The Desktop Broker for Citrix Presentation Server is the initial component of a growing portfolio of virtualized desktop delivery solutions from Citrix Systems, and the first Citrix feature to be a part of the Citrix Dynamic Desktop Delivery Initiative. The Desktop Broker is an add-on feature for Presentation Server 4.0 that provides seamless management and session brokering for pooled and private Windows XP images in a virtual desktop environment. It supports access to both shared and dedicated virtual desktops. The shared desktop model is the proven published desktop model from Citrix Presentation Server, and the dedicated model consists of windows XP desktops on virtual systems like VMWare or Microsoft Virtual Server, or on physically separated blade PCs. The solution enables customers to create Windows desktop pools that are dynamically brokered to multiple users or mapped specifically for a single user. Management functions, including pool definition and group/user assignment are enabled via an MMC administrative plug-in.
The Desktop Broker is available at no additional charge to Presentation Server customers with valid Subscription Advantage. Technical Support will be provided in alignment with current Citrix support agreements.
====
So basically if you are not using Xen, VMWare or Microsoft Virtual Server or running CPS 4 anyplace the Citrix Desktop Broker is not for you.
I am not sure if these links will work outside of Mycitrix but here are the FAQ links
Basic
Technical
Readme is here
Admin guide is here
Jim
Thursday, November 02, 2006
Article: Getting Ready for Vista Group Policy
Windows Vista, the next operating system from Microsoft, is scheduled to be released next week on November 8th. One of the most important things that is different with Vista for the System Administrator is how Group Policy works.
Recently there was a good article on Vista's new Group Policy (GP) in Technet Magazine in the November issue written by Jeremy Moskowitz, MS GP MVP and webmaster of gpanswers.org.
As good as the article is, Jeremy glosses over and misses some key details of what you need to know to get Vista GPO working on your domain. I had to do some further research and quite a bit of reading to come across how to go about doing this. And of course this is my whole reason for writing this article to share what I have learned.
First and foremost, Windows Vista now uses policy template files that end in the extension ADMX instead of ADM. The ADMX file is written in XML, quite different than that of the text based ADM files. Vista will still read adm files but it is not optimal to use them. I found an article 918239 on the Microsoft site on how to write a sample ADMX file for Internet Explorer. As you can see it is not for the faint of heart.
There are over 800 new policies available for Windows Vista. The caveat is that Windows Vista Policies can be put on a Windows 2000 or 2003 server, but MUST be managed from a Windows Vista Machine.
In order to set up your Windows 2000/2003 Domain controller to manage Vista Group Policy you must set up a central store. I found the steps to do this on a Microsoft page in the technet library.
Here are the steps from the above Microsfot article to creating a Central Store on your Domain Controller in order to use the Vista Group Policies.
The central store has to be created manually once on a domain controller. This domain controller can be a Windows Server 2000/2003. The File Replication Service (FRS) will replicate it to the other domain controllers of this domain. It is recommended, though, to create the central store on the primary domain controller.
Older versions of group policy copied all template files into a new directory for every policy you created. Using a central store saves bunches of disk space. The old GPMC created a separate uuid for each policy you created that could go over 5 meg for each policy. A central store in vista uses the same templates for all policies. This is what makes using the new Vista policies beneficial and worth looking at.
In light of over 800 new policies Microsoft has produced a spreadsheet of the policies as of beta 2 available on their website here. Microsoft also has created a guide for Managing Vista Group Policy that you can get from this link. With another version of it in html found here.
So as you can see the information on ADMX templates and Vista Group Policy is already pretty spread out and available... it is just finding it and sorting it all out that is the problem. The frustration comes when you go to look for some sort of utility to help you create your own ADMX templates with XML or edit existing ones. No such utility exists and it is noted in the Technet magazine articel that Microsoft has no plans of releasing one. There is the XML Notepad 2006 utility that may be of use but that is not specifically made for editing policies..only XML files. You still have know what you are doing.
If anything I hope this article gives you the additional information and directions of where to go to get the information you need to get you started using Vista Group Policy.
Copyright Jim Kenzig
Here are Link resources from the Article:
Technet Magazine: More Powerful Group Policy In Windows Vista
http://www.microsoft.com/technet/technetmag/issues/2006/11/VistaGPO/default.aspx
MSKB Article 918239: How to write custom .adm and .admx administrative template files to provide an elevation policy for protected mode in Internet Explorer 7.0
http://support.microsoft.com/kb/918239
Editing Domain-Based GPOs Using ADMX Files
http://www.microsoft.com/technet/windowsvista/library/1494d791-72e1-484b-a67a-22f66fbf9d17.mspx
Group Policy Settings Reference Windows Vista Beta 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=7812c9cb-e6ca-4144-98ab-2d78587462c5&DisplayLang=en
Managing Group Policy ADMX Files Step by Step Guide
http://download.microsoft.com/download/3/b/a/3ba6d659-6e39-4cd7-b3a2-9c96482f5353/Managing%20Group%20Policy%20ADMX%20Files%20Step%20by%20Step%20Guide.doc
and
http://www.microsoft.com/technet/windowsvista/library/02633470-396c-4e34-971a-0c5b090dc4fd.mspx
XML NotePad 2006
http://www.microsoft.com/downloads/details.aspx?familyid=72D6AA49-787D-4118-BA5F-4F30FE913628&displaylang=en
Recently there was a good article on Vista's new Group Policy (GP) in Technet Magazine in the November issue written by Jeremy Moskowitz, MS GP MVP and webmaster of gpanswers.org.
As good as the article is, Jeremy glosses over and misses some key details of what you need to know to get Vista GPO working on your domain. I had to do some further research and quite a bit of reading to come across how to go about doing this. And of course this is my whole reason for writing this article to share what I have learned.
First and foremost, Windows Vista now uses policy template files that end in the extension ADMX instead of ADM. The ADMX file is written in XML, quite different than that of the text based ADM files. Vista will still read adm files but it is not optimal to use them. I found an article 918239 on the Microsoft site on how to write a sample ADMX file for Internet Explorer. As you can see it is not for the faint of heart.
There are over 800 new policies available for Windows Vista. The caveat is that Windows Vista Policies can be put on a Windows 2000 or 2003 server, but MUST be managed from a Windows Vista Machine.
In order to set up your Windows 2000/2003 Domain controller to manage Vista Group Policy you must set up a central store. I found the steps to do this on a Microsoft page in the technet library.
Here are the steps from the above Microsfot article to creating a Central Store on your Domain Controller in order to use the Vista Group Policies.
The central store has to be created manually once on a domain controller. This domain controller can be a Windows Server 2000/2003. The File Replication Service (FRS) will replicate it to the other domain controllers of this domain. It is recommended, though, to create the central store on the primary domain controller.
- First, you have to create the root folder of the central store:
%systemroot%\sysvol\domain\policies\PolicyDefinitions - Copy all ADMX files (also the .adml folders) from the local store of your Vista machine to the central store. The local store can be found under %systemroot%\PolicyDefinitions.
Older versions of group policy copied all template files into a new directory for every policy you created. Using a central store saves bunches of disk space. The old GPMC created a separate uuid for each policy you created that could go over 5 meg for each policy. A central store in vista uses the same templates for all policies. This is what makes using the new Vista policies beneficial and worth looking at.
In light of over 800 new policies Microsoft has produced a spreadsheet of the policies as of beta 2 available on their website here. Microsoft also has created a guide for Managing Vista Group Policy that you can get from this link. With another version of it in html found here.
So as you can see the information on ADMX templates and Vista Group Policy is already pretty spread out and available... it is just finding it and sorting it all out that is the problem. The frustration comes when you go to look for some sort of utility to help you create your own ADMX templates with XML or edit existing ones. No such utility exists and it is noted in the Technet magazine articel that Microsoft has no plans of releasing one. There is the XML Notepad 2006 utility that may be of use but that is not specifically made for editing policies..only XML files. You still have know what you are doing.
If anything I hope this article gives you the additional information and directions of where to go to get the information you need to get you started using Vista Group Policy.
Copyright Jim Kenzig
Here are Link resources from the Article:
Technet Magazine: More Powerful Group Policy In Windows Vista
http://www.microsoft.com/technet/technetmag/issues/2006/11/VistaGPO/default.aspx
MSKB Article 918239: How to write custom .adm and .admx administrative template files to provide an elevation policy for protected mode in Internet Explorer 7.0
http://support.microsoft.com/kb/918239
Editing Domain-Based GPOs Using ADMX Files
http://www.microsoft.com/technet/windowsvista/library/1494d791-72e1-484b-a67a-22f66fbf9d17.mspx
Group Policy Settings Reference Windows Vista Beta 2
http://www.microsoft.com/downloads/details.aspx?FamilyID=7812c9cb-e6ca-4144-98ab-2d78587462c5&DisplayLang=en
Managing Group Policy ADMX Files Step by Step Guide
http://download.microsoft.com/download/3/b/a/3ba6d659-6e39-4cd7-b3a2-9c96482f5353/Managing%20Group%20Policy%20ADMX%20Files%20Step%20by%20Step%20Guide.doc
and
http://www.microsoft.com/technet/windowsvista/library/02633470-396c-4e34-971a-0c5b090dc4fd.mspx
XML NotePad 2006
http://www.microsoft.com/downloads/details.aspx?familyid=72D6AA49-787D-4118-BA5F-4F30FE913628&displaylang=en
Subscribe to:
Posts (Atom)