Managing Group Policy in a Mixed Environment

As mentioned earlier, Windows Vista introduces a new administrative template format, ADMX. All settings under Administrative Templates in Windows Vista are defined in these new files. This calls into immediate question what happens to settings for older operating systems, or to Windows Vista, when settings in a GPO were made using an older operating system.

Settings available only in Windows Vista, which includes the 800+ new settings, must be configured using a group policy editor on a Windows Vista computer. The GPO itself can be stored on domain controllers of any type, but the settings can only be made on Windows Vista until the server version of Windows Vista, currently codenamed "Longhorn" ships. For that reason, the recommendation is that administrators upgrade the computer they use to administer Group Policy to Windows Vista early, so that they can manage the Windows Vista settings before the OS goes into broad deployment.

GPOs created with Windows Vista, using ADMX templates, will no longer contain ADM files. As we discussed, you can create a central policy definition store in the sysvol share on the DCs, but pre-Vista systems will not know to go look there. Therefore, a down-level system will show a GPO created on Windows Vista as having only Extra Registry Settings. There are no ADMX templates available to the down-level OS to parse the registry.pol file with.

It is important to note though that you can manage all policy settings using Windows Vista and GPMC 2.0. You do not need to keep a down-level OS around just to manage policies for other down-level computers. A GPO created with Windows Vista may not be displayed properly in GPMC 1.0 or GPEdit on a computer running Windows Server 2003, but the registry.pol file is in the same format it always has been. It will be parsed properly by your down-level computers. The recommendation, therefore, is to perform all your GPO management on a computer running Windows Vista, or one running Windows Server Codename Longhorn-the server version of Windows Vista.

If you have written custom ADM templates you may of course convert those to ADMX, but it is not necessary to do so. The Group Policy tools in Windows Vista will parse and use ADM templates the same way as the tools in earlier operating systems did.

Finally, if you have modified one of the built-in ADM files, such as system.adm, or wuau.adm, you will not be able to leverage the modifications on a computer running Windows Vista. The new group policy editing tools ignore ADM files that have been replaced by ADMX files. In order to use modified ADM files, you would have to use a computer running Windows XP or Windows Server 2003. The better option is to start upgrading those ADM files though, and preferably, factor the custom settings out to a separate file instead of modifying the built-in ones.