Managing BitLocker & UAC Setting on a 2003 Domain

Discussion in 'Windows Vista General Discussion' started by AnthonyR, Oct 24, 2007.

  1. AnthonyR

    AnthonyR Guest


    I am pretty new to this, so please forgive me if the question seems junior.
    I am trying to managing some of the new Vista Enterprise settings on a
    Windows 2003R2 domain controller. Since the new settings for Vista are in
    ADMX format, and the native gpedit and gpmc on my DC can only read ADM files,
    how am I supposed to manage these settings ? I read several doc's on this,
    extended my schema, created a new ACE object for TPM chips, built a central
    store for ADMX/ADML files etc.. I'm still confused. Any guidance would be
    AnthonyR, Oct 24, 2007
    1. Advertisements

  2. Just follow the instructions at
    Mike Brannigan, Oct 24, 2007
    1. Advertisements

  3. AnthonyR

    AnthonyR Guest

    Thanks Mike. So if I am understanding this correctly... I create the central
    store on the 2003DC and copy over the Vista ADMX files to this central store
    on my DC. When I fire up the GPMC or GPEDIT consoles on my Vista machine,
    they will point to the ADMX files on the 2003DC even though I cannot view any
    updated Vista specific GPO's on the 2003DC. Is that right ?

    Assuming it is, I guess what I found confusing was that the fact that I am
    updating domain GPO's from a Vista client, I thought I would have to do this
    from a DC or member server.
    AnthonyR, Oct 24, 2007
  4. Anthony - read the page and follow all the instructions on it.
    It answers all your questions.
    more below in line.


    Mike Brannigan
    As per the doc you run GPMC.msc (nothing else) on a domain member Vista
    machine under an account that has the relevant domain admin credentials to
    allow the creation/edit etc of GPOs.
    As you see when you run the tool you see the forest etc and drill down to
    the GPOs - have you actually done this yet ? if you are not doing this
    now - then do so otherwise you are unlikely to understand as when you see it
    it all makes sense.
    Why the confusion - surely you do not go and locally sit at a DC to edit
    your GPOs now !??
    Of course you edit them at your desk on a member PC.
    Mike Brannigan, Oct 24, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.