+ Post New Thread
Results 1 to 13 of 13
Windows 7 Thread, Windows 7 on a 2003R2 domain in Technical; We want to evaluate Windows 7 and work on it as much as possible before sending it out to clients. ...
  1. #1

    garethedmondson's Avatar
    Join Date
    Oct 2008
    Location
    Gowerton, Swansea
    Posts
    2,260
    Thank Post
    965
    Thanked 324 Times in 192 Posts
    Blog Entries
    11
    Rep Power
    164

    Windows 7 on a 2003R2 domain

    We want to evaluate Windows 7 and work on it as much as possible before sending it out to clients. We have been told by the LEA that they will not allow .admx files on the network (cannot remember the reason).

    I went to them with the information that AngryTechnician had on his blog here:

    http://angrytechnician.wordpress.com/2009/11/05/the-angry-technicians-guide-to-managing-windows-7-you-idiots/#more-1551

    They denied my request.

    Since then we have been given our own local Domain Controller. This pulls down the policies from the central LEA domain controllers so if the broadband network goes down pupils can still logon et etc.

    I believe that policies around the network replicate across all DCs so any I create on the central Dcs will replicate to my DC here on the network (and vice versa).

    Now - if I create an admx store on our DC is there any way I can stop that store replicating back up to the central DCs - thus allowing me to test locally with the new Windows 7 admx files but not affecting anything else.

    Cheers

    Gareth

  2. #2

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by garethedmondson View Post
    Now - if I create an admx store on our DC is there any way I can stop that store replicating back up to the central DCs - thus allowing me to test locally with the new Windows 7 admx files but not affecting anything else.
    No, I don't believe so. They'll replicate all across the domain in case you log in to a machine elsewhere geographically but attached to the same domain.

  3. Thanks to powdarrmonkey from:

    garethedmondson (25th February 2010)

  4. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,852
    Thank Post
    877
    Thanked 1,681 Times in 1,460 Posts
    Blog Entries
    12
    Rep Power
    445
    Is there any reason why you could not setup your own domain?

  5. #4

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    Quote Originally Posted by FN-GM View Post
    Is there any reason why you could not setup your own domain?
    LEA policy.

  6. Thanks to powdarrmonkey from:

    garethedmondson (25th February 2010)

  7. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,852
    Thank Post
    877
    Thanked 1,681 Times in 1,460 Posts
    Blog Entries
    12
    Rep Power
    445
    That stinks, is it not possible to break away from them?

  8. #6

    garethedmondson's Avatar
    Join Date
    Oct 2008
    Location
    Gowerton, Swansea
    Posts
    2,260
    Thank Post
    965
    Thanked 324 Times in 192 Posts
    Blog Entries
    11
    Rep Power
    164
    Quote Originally Posted by FN-GM View Post
    Is there any reason why you could not setup your own domain?
    No - we used to be an RM school and several schools in the LEA used to have seperate network. It was decided by the Heads that they all went back into a central managed service with an SLA. As such that is where we are.

    Cannot set up our own domains. We have domain admin rights on our branch of the AD but not Enterprise Admin rights so we cannot destroy anything. It's a huge AD structure - although probably not the biggest ever - with all schools and users. 15 comps, 97 or so primaries quite a few thousand machines over the LEA.

    Gareth

  9. #7

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,852
    Thank Post
    877
    Thanked 1,681 Times in 1,460 Posts
    Blog Entries
    12
    Rep Power
    445
    Thats not to bad i suppose if you have your own domain

  10. #8
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34
    I'm going to sound like a really boring suit now, but here goes.

    Firstly, I would say that if your managed service providers / LA have advised that .ADMX files are not permitted on the domain, then you may put your job at risk if you try to do so.

    I know it's a PITA, but this is the way in which larger organisations work. The bigger the system, the greater the risk of making changes and the tighter the change control needs to be.

    If it's just the case that you want to get acquainted with Windows 7 in a domain environment, then this is not really justification for messing around with the live production environment on which your schools depend. It would be better to set up a virtual environment on a high spec PC (quad core, 64 bit OS, 8 gb RAM etc). This way you could have the freedom to make whatever changes you want.

    Speaking as someone on the other side of the fence as it were, I would suggest that another way to move forward would be to try to engage with whoever runs the network and find out how they are planning to support Windows 7. Perhaps you could offer to help with testing. Either way, the support window for XP is running out. If they are not already planning to support 7, then someone needs to light a fire under them.

  11. #9

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,802
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    Quote Originally Posted by FN-GM View Post
    Is there any reason why you could not setup your own domain?
    could you not just do this to test? its not as if you would need the GPO's in place for xp clients if you want to test win 7

    Toby

  12. #10
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    I don't think you need a central store and the admx files shouldn't be replicated through the sysvol now. If you had a Win7 or 2008R2 box you could create a test GPO that will be created by the local admx files the GPO then just contains the policy file that is generated.

    Have a read of this.

    Ask the Directory Services Team : Windows 7, Windows Server 2008 R2 and the Group Policy Central Store


    Personally I would set up a couple of play boxes, virtualbox or xenserver should help.
    Last edited by cookie_monster; 25th February 2010 at 10:06 PM.

  13. #11

    garethedmondson's Avatar
    Join Date
    Oct 2008
    Location
    Gowerton, Swansea
    Posts
    2,260
    Thank Post
    965
    Thanked 324 Times in 192 Posts
    Blog Entries
    11
    Rep Power
    164
    Quote Originally Posted by ajbritton View Post
    I'm going to sound like a really boring suit now, but here goes.

    Firstly, I would say that if your managed service providers / LA have advised that .ADMX files are not permitted on the domain, then you may put your job at risk if you try to do so.

    I know it's a PITA, but this is the way in which larger organisations work. The bigger the system, the greater the risk of making changes and the tighter the change control needs to be.

    If it's just the case that you want to get acquainted with Windows 7 in a domain environment, then this is not really justification for messing around with the live production environment on which your schools depend. It would be better to set up a virtual environment on a high spec PC (quad core, 64 bit OS, 8 gb RAM etc). This way you could have the freedom to make whatever changes you want.

    Speaking as someone on the other side of the fence as it were, I would suggest that another way to move forward would be to try to engage with whoever runs the network and find out how they are planning to support Windows 7. Perhaps you could offer to help with testing. Either way, the support window for XP is running out. If they are not already planning to support 7, then someone needs to light a fire under them.
    Hi - I agree totally and was not going to do it. I was just asking - collecting opinions and examples before talking to the LEA.

    Thanks for the advice though. The LEA are testing Windows 7 so it is on the way. I'm just being impatient :-)

    Gareth

  14. #12
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34
    Quote Originally Posted by garethedmondson View Post
    I'm just being impatient :-)
    Nothing wrong with that!

    Like I said, I would go for a VM test setup. I find these easier to manage than physical boxes. Simple to try a change and revert to a snapshot if it doesn't work. VMWare Server is your friend.

  15. #13
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Don't forget to read the link I posted it gives you a good idea of how GPO's work in 2008+ especially replication.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 4
    Last Post: 19th March 2012, 08:58 AM
  2. Domain Services for Windows
    By evil-tom in forum Netware
    Replies: 1
    Last Post: 4th February 2010, 09:08 AM
  3. Windows 7 in a Windows 2003 domain.
    By sch in forum Windows 7
    Replies: 3
    Last Post: 10th November 2009, 12:18 PM
  4. Windows 7 on a Server 2003/2003R2 network
    By garethedmondson in forum Windows 7
    Replies: 8
    Last Post: 18th September 2009, 11:59 AM
  5. - 2003R2 Install
    By garethedmondson in forum Windows
    Replies: 6
    Last Post: 2nd February 2009, 03:04 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •