Managing BitLocker & UAC Setting on a 2003 Domain

Discussion in 'Windows Vista General Discussion' started by AnthonyR, Oct 24, 2007.

  1. AnthonyR

    AnthonyR Guest

    Hello,

    I am pretty new to this, so please forgive me if the question seems junior.
    I am trying to managing some of the new Vista Enterprise settings on a
    Windows 2003R2 domain controller. Since the new settings for Vista are in
    ADMX format, and the native gpedit and gpmc on my DC can only read ADM files,
    how am I supposed to manage these settings ? I read several doc's on this,
    extended my schema, created a new ACE object for TPM chips, built a central
    store for ADMX/ADML files etc.. I'm still confused. Any guidance would be
    appreciated.
     
    AnthonyR, Oct 24, 2007
    #1
    1. Advertisements


  2. Just follow the instructions at
    http://technet2.microsoft.com/Windo...72e1-484b-a67a-22f66fbf9d171033.mspx?mfr=true
     
    Mike Brannigan, Oct 24, 2007
    #2
    1. Advertisements

  3. AnthonyR

    AnthonyR Guest

    Thanks Mike. So if I am understanding this correctly... I create the central
    store on the 2003DC and copy over the Vista ADMX files to this central store
    on my DC. When I fire up the GPMC or GPEDIT consoles on my Vista machine,
    they will point to the ADMX files on the 2003DC even though I cannot view any
    updated Vista specific GPO's on the 2003DC. Is that right ?

    Assuming it is, I guess what I found confusing was that the fact that I am
    updating domain GPO's from a Vista client, I thought I would have to do this
    from a DC or member server.
     
    AnthonyR, Oct 24, 2007
    #3
  4. Anthony - read the page and follow all the instructions on it.
    It answers all your questions.
    more below in line.

    --

    Mike Brannigan
    As per the doc you run GPMC.msc (nothing else) on a domain member Vista
    machine under an account that has the relevant domain admin credentials to
    allow the creation/edit etc of GPOs.
    As you see when you run the tool you see the forest etc and drill down to
    the GPOs - have you actually done this yet ? if you are not doing this
    now - then do so otherwise you are unlikely to understand as when you see it
    it all makes sense.
    Why the confusion - surely you do not go and locally sit at a DC to edit
    your GPOs now !??
    Of course you edit them at your desk on a member PC.
     
    Mike Brannigan, Oct 24, 2007
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.