We want to evaluate Windows 7 and work on it as much as possible before sending it out to clients. We have been told by the LEA that they will not allow .admx files on the network (cannot remember the reason).
I went to them with the information that AngryTechnician had on his blog here:
They denied my request.
Since then we have been given our own local Domain Controller. This pulls down the policies from the central LEA domain controllers so if the broadband network goes down pupils can still logon et etc.
I believe that policies around the network replicate across all DCs so any I create on the central Dcs will replicate to my DC here on the network (and vice versa).
Now - if I create an admx store on our DC is there any way I can stop that store replicating back up to the central DCs - thus allowing me to test locally with the new Windows 7 admx files but not affecting anything else.
Is there any reason why you could not setup your own domain?
That stinks, is it not possible to break away from them?
Cannot set up our own domains. We have domain admin rights on our branch of the AD but not Enterprise Admin rights so we cannot destroy anything. It's a huge AD structure - although probably not the biggest ever - with all schools and users. 15 comps, 97 or so primaries quite a few thousand machines over the LEA.
Thats not to bad i suppose if you have your own domain
I'm going to sound like a really boring suit now, but here goes.
Firstly, I would say that if your managed service providers / LA have advised that .ADMX files are not permitted on the domain, then you may put your job at risk if you try to do so.
I know it's a PITA, but this is the way in which larger organisations work. The bigger the system, the greater the risk of making changes and the tighter the change control needs to be.
If it's just the case that you want to get acquainted with Windows 7 in a domain environment, then this is not really justification for messing around with the live production environment on which your schools depend. It would be better to set up a virtual environment on a high spec PC (quad core, 64 bit OS, 8 gb RAM etc). This way you could have the freedom to make whatever changes you want.
Speaking as someone on the other side of the fence as it were, I would suggest that another way to move forward would be to try to engage with whoever runs the network and find out how they are planning to support Windows 7. Perhaps you could offer to help with testing. Either way, the support window for XP is running out. If they are not already planning to support 7, then someone needs to light a fire under them.
I don't think you need a central store and the admx files shouldn't be replicated through the sysvol now. If you had a Win7 or 2008R2 box you could create a test GPO that will be created by the local admx files the GPO then just contains the policy file that is generated.
Have a read of this.
Ask the Directory Services Team : Windows 7, Windows Server 2008 R2 and the Group Policy Central Store
Personally I would set up a couple of play boxes, virtualbox or xenserver should help.
Last edited by cookie_monster; 25th February 2010 at 10:06 PM.
Don't forget to read the link I posted it gives you a good idea of how GPO's work in 2008+ especially replication.
There are currently 1 users browsing this thread. (0 members and 1 guests)