Windows Server 2008 and Windows Vista : Architectural Parts of a GPO (part 1) - Group Policy Template

8/27/2012 1:08:08 AM
The Group Policy template (GPT) is the portion of the GPO that is stored in the SYSVOL folder on the domain controllers. The GPT is not a single file or folder, but rather a suite of folders and files that are used to store and maintain the settings that are established in a GPO. The GPT is very dynamic, yet very simple.

Each GPO has a unique GPT where the files are stored. The GPT is kept unique between GPOs by its GUID (globally unique identifier). When a GPO is initially created, a new folder is created under the %windir%\SYSVOL\sysvol\<domainname>\Policies folder. This new folder is named the same as the GPO’s GUID, as you can see in Figure 1.

Figure 1. All Group Policy templates are stored in a unique folder named after the GPO’s GUID; they are all stored in the SYSVOL\Policies folder on each domain controller.

During the creation of the GPT main folder, additional folders and files are created under this root folder. These folders and files include:

  • Group Policy folder Holds the GPE.ini file. The GPE.ini file tracks the GUIDs for the CSEs that are referenced in the GPO. As settings within the GPO are added or removed, the associated GUID for the CSE controlling the setting is added or removed from this file.

  • Machine folder Stores all GPO settings that are configured under the Computer Configuration node in the GPO.

  • User folder Stores all GPO settings that are configured under the User Configuration node in the GPO.

  • Gpt.ini file Tracks the GPO version number. The version number changes each time the GPO is modified.

Figure 2 illustrates the default folders and files that exist in the GPT.

Figure 2. Newly created GPOs have only two default folders and one default file that make up the GPT in SYSVOL.

As settings are created in the GPO, additional folders and files are created in the appropriate folder, depending on whether a Computer Configuration setting or a User Configuration setting is made.

Not all settings create the same type of files. The different portions of the GPO make up the different client-side extensions supported in the GPO. When a setting is made for each client-side extension, the file in which it is stored within the GPT is also different. Table 1 shows the client-side extension in addition to the files used within the GPT for that extension.

Table 1. Group Policy Template Files
Client-Side ExtensionFolder Structure in GPTFile Name and Extension in GPT
Software InstallationMachine\Applications<GUID>.aas
ScriptsMachine\Scripts\StartupVaries (typically with .vbs, .bat, .cmd, .exe extension)
SecurityMachine\Microsoft\Windows NT\SecEditGptTmpl.inf
Windows Firewall and Advanced SecurityMachineRegistry.pol
Public Key PoliciesMachineRegistry.pol
Software Restriction PolicyMachineRegistry.pol
Network Access ProtectionMachineRegistry.pol
Policy Based QoSMachineRegistry.pol
Remote Installation ServicesMicrosoft\RemoteInstallOscfilter.ini
Folder RedirectionUser\Documents & SettingsFdeploy1.ini
Internet Explorer MaintenanceUser\Microsoft\IEAKVarious folders and files
Group Policy EnvironmentMachine\Preferences\EnvironmentVariablesEnvironmentVariables.xml
Group Policy Data SourcesMachine\Preferences\DataSourcesDataSources.xml
Group Policy DevicesMachine\Preferences\DevicesDevices.xml
Group Policy FilesMachine\Preferences\FilesFiles.xml
Group Policy Folder OptionsMachine\Preferences\OptionsOptions.xml
Group Policy FoldersMachine\Preferences\FoldersFolders.xml
Group Policy Local Users and GroupsMachine\Preferences\GroupsGroups.xml
Group Policy Ini FilesMachine\Preferences\IniFilesIniFiles.xml
Group Policy Network OptionsMachine\Preferences\NetworkOptionsNetworkOptions.xml
Group Policy Network SharesMachine\Preferences\NetworkSharesNetworkShares.xml
Group Policy Power OptionsMachine\Preferences\PowerOptionsPowerOptions.xml
Group Policy PrintersMachine\Preferences\PrintersPrinters.xml
Group Policy RegistryMachine\Preferences\RegistryRegistry.xml
Group Policy Scheduled TasksMachine\Preferences\ScheduledTasksScheduledTasks.xml
Group Policy ServicesMachine\Preferences\ServicesServices.xml
Group Policy ShortcutsMachine\Preferences\ShortcutsShortcuts.xml
Group Policy ApplicationsUser\ Preferences\ApplicationsApplications.xml
Group Policy Drive MapsUser\ Preferences\DrivesDrives.xml
Group Policy Internet SettingsUser\ Preferences\InternetSettingsInternetSettings.xml
Group Policy Regional OptionsUser\ Preferences\RegionalOptionsRegionalOptions.xml
Group Policy Start MenuUser\ Preferences\StartMenuTaskbarStartMenuTaskbar.xml

Figure 3 illustrates what a complex set of GPO settings might look like through the files and folders that are created in the GPT.

Figure 3. When a GPO has many settings configured in different areas of the GPO, folders and files may be created in the GPT.

As you can see, the GPT is responsible for housing all of the raw settings that are made in a GPO. Each setting is stored in a unique file structure, which correlates with the client-side extension under which it is categorized. The files that are stored in the GPT are delivered to the target computer during Group Policy processing.

  •  Windows Server 2003 : Server Clustering (part 4) - Using the Cluster Application Wizard, Configuring Failover and Failback
  •  Windows Server 2003 : Server Clustering (part 3) - Creating a New Cluster Group, Adding a Resource to a Group
  •  Windows Server 2003 : Server Clustering (part 2) - Creating a True Server Cluster, Adding a Node to an Existing Cluster
  •  Windows Server 2003 : Server Clustering (part 1) - Cluster Terminology, Types of Resources, lanning a Cluster Setup
  •  Windows XP : Participating in Internet Newsgroups - Downloading Messages
  •  Windows XP : Participating in Internet Newsgroups - Working with Newsgroups in Outlook Express
  •  Analysis Ultrabooks
  •  Farewell To Pixels : Retina MacBook Pro brings the new age of dot-free displays to OS X
  •  Computing – OS
  •  Windows Server 2003 : Protecting Network Communications with Internet Protocol Security - IPSec Basics (part 2) - Differences Between AH and ESP, Process and Procedure
  •  Windows Server 2003 : Protecting Network Communications with Internet Protocol Security - IPSec Basics (part 1) - Security Advantages of IPSec
  •  Windows Vista : Communicating with Windows Mail - Handling Incoming Messages (part 2) - Customizing the Message Columns, Setting Read Options
  •  Windows Vista : Communicating with Windows Mail - Handling Incoming Messages (part 1) - Processing Messages
  •  Windows Vista : Communicating with Windows Mail - Setting Up Mail Accounts
  •  Ultra-X P.H.D PCI2 - Solve PC Problems Easily (Part 2)
  •  Ultra-X P.H.D PCI2 - Solve PC Problems Easily (Part 1)
  •  Confessions Of An Internet Troll (Part 2)
  •  Confessions Of An Internet Troll (Part 1)
  •  Windows Vista or Windows Server 2008 : Architecture of Group Policy - Domain Controller Selection During GPO Management
  •  Windows Vista or Windows Server 2008 : Architecture of Group Policy - Group Policy Dependencies
    Top 10
    Canon PowerShot G15 12MP Digital Camera With 3-Inch LCD
    3D Printed Guns
    Dual-channel DDR3 RAM (Part 4)
    Dual-channel DDR3 RAM (Part 3)
    Dual-channel DDR3 RAM (Part 2)
    Dual-channel DDR3 RAM (Part 1)
    In-Win G7 Black Windowed Mid-Tower Case
    Starcraft II Gaming Mouse & Marauder Starcarft II Gaming Keyboard
    The Computers That Came In From The Cold (Part 2)
    Joystick Junkies - The Sim Hardware Roundup (Part 3) : Thrustmaster HOTAS Warthog, Thrustemaster TH8 RS Gear Shifter, ButtKicker Gamer 2
    Most View
    Devolo dLAN 500 AV Wireless + Starter Kit
    SQL Server 2008 : Common performance problems (part 1) - Procedure cache bloating
    Asus VivoTab RT 3G Tablet Review (Part 2)
    Coby Kyros MID9742 – Good Hardware But Poor Apps
    Accelerate Your PC
    DirectX 10 Game Programming : 3D Introduction - A Small Shader Introduction
    Take It To The Limit (Part 1)
    Windows 7 : Managing Your Schedule - Printing Calendars
    ECS Z77H2-A2X v1.0 - Golden LGA 1155 Mainboard From The Black Series (Part 5)
    Deploying to an iPhone, Debugging, and Testing : Distributing Your Application