Managing BitLocker & UAC Setting on a 2003 Domain

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,

I am pretty new to this, so please forgive me if the question seems junior.
I am trying to managing some of the new Vista Enterprise settings on a
Windows 2003R2 domain controller. Since the new settings for Vista are in
ADMX format, and the native gpedit and gpmc on my DC can only read ADM files,
how am I supposed to manage these settings ? I read several doc's on this,
extended my schema, created a new ACE object for TPM chips, built a central
store for ADMX/ADML files etc.. I'm still confused. Any guidance would be
appreciated.
 
AnthonyR said:
Hello,

I am pretty new to this, so please forgive me if the question seems
junior.
I am trying to managing some of the new Vista Enterprise settings on a
Windows 2003R2 domain controller. Since the new settings for Vista are in
ADMX format, and the native gpedit and gpmc on my DC can only read ADM
files,
how am I supposed to manage these settings ? I read several doc's on this,
extended my schema, created a new ACE object for TPM chips, built a
central
store for ADMX/ADML files etc.. I'm still confused. Any guidance would be
appreciated.
Click to expand...


Just follow the instructions at
http://technet2.microsoft.com/Windo...72e1-484b-a67a-22f66fbf9d171033.mspx?mfr=true
 
Thanks Mike. So if I am understanding this correctly... I create the central
store on the 2003DC and copy over the Vista ADMX files to this central store
on my DC. When I fire up the GPMC or GPEDIT consoles on my Vista machine,
they will point to the ADMX files on the 2003DC even though I cannot view any
updated Vista specific GPO's on the 2003DC. Is that right ?

Assuming it is, I guess what I found confusing was that the fact that I am
updating domain GPO's from a Vista client, I thought I would have to do this
from a DC or member server.
 
Anthony - read the page and follow all the instructions on it.
It answers all your questions.
more below in line.

--

Mike Brannigan
AnthonyR said:
Thanks Mike. So if I am understanding this correctly... I create the
central
store on the 2003DC and copy over the Vista ADMX files to this central
store
on my DC.
Yes

When I fire up the GPMC or GPEDIT consoles on my Vista machine,
they will point to the ADMX files on the 2003DC even though I cannot view
any
updated Vista specific GPO's on the 2003DC. Is that right ?
Click to expand...

As per the doc you run GPMC.msc (nothing else) on a domain member Vista
machine under an account that has the relevant domain admin credentials to
allow the creation/edit etc of GPOs.
As you see when you run the tool you see the forest etc and drill down to
the GPOs - have you actually done this yet ? if you are not doing this
now - then do so otherwise you are unlikely to understand as when you see it
it all makes sense.
Assuming it is, I guess what I found confusing was that the fact that I am
updating domain GPO's from a Vista client, I thought I would have to do
this
from a DC or member server.
Click to expand...

Why the confusion - surely you do not go and locally sit at a DC to edit
your GPOs now !??
Of course you edit them at your desk on a member PC.
 
Back
Top