Getting your Active Directory ready for Windows 7, Part 1

Win7AD

Change is upon us. Where many Active Directory administrators have stuck with Windows XP, because no valid alternatives (Windows Vista, *nix) were available, now the business wants to upgrade to Windows 7.

Whatever the business reasons behind Windows 7, as an Active Directory administrator a couple of key elements should stand out:

  • Windows 7 has IPv6 enabled by default
  • Group Policies have been extended in Windows 7
  • Group Policy Client Side Extensions are available by default in Windows 7
  • User folders have been rearranged in Windows 7
  • Windows 7 machines can store recovery information in Active Directory
  • DirectAccess (a Windows 7 feature) has lavish Active Directory requirements

These features (some only apply to features in Windows 7 Enterprise and Windows 7 Ultimate) require changes in the back ends of your Active Directory environments. While some upgrades are evident, some may not. This series of posts details the changes wise to make to your Active Directory environments to smoothen the transition to Windows 7 and enable its compelling features for your specific environment.

 

Group Policy

Central Store

In the good ol’ times of Windows 2000 and Windows XP, Group Policy Administrative Templates consisted of ADM files. (files with the *.adm extension). Introduced in Windows Vista, the ADMX and ADML formats, aim to replace the ADM files by a framework of policy-independent language settings and XML formatting. Another plus of the ADMX and ADML transition is the availability of a Central Store, that offers the solution to a congested System Volume (SYSVOL), by simply storing all Administrative Templates in one location (instead of per Group Policy object).

Creation of the Central Store is done by creating a folder named PolicyDefinitions and copy the Administrative Templates from the C:\Windows\PolicyDefinitions folder a Windows 7 installation. Alternatively you can download the PolicyDefinitions folder, contained in the download for Administrative Templates (ADMX) for Windows Server 2008 R2 and Windows 7, which not only contains all *.admx files, but also contains the *.adml files for 55 languages and dialects.

The creation of a Central Store is not necessary, but highly advisable, since it will reduce the overhead and traffic, associated with SYSVOL replication between Domain Controllers.

Group Policy Settings

Requires at least:

  • Windows Server 2003 Domain Controllers
  • Group Policy Management Console (GPMC) on Windows 7

Just like Windows Vista, Windows 7 comes with a slew of new Group Policies. Generally, you can create and modify group policy settings and group policy preferences through the Group Policy Management Console (GPMC) on an installation of the same version, or its server counterpart. For instance, Windows Vista SP1 group policy settings can be managed from both Windows Vista installations as Windows Server 2008 (with built-in Service Pack 1) installations.

So, for Windows 7 Group Policy settings you don’t need Windows Server 2008 R2 servers or Windows Server 2008 R2 Domain Controllers; you can manage these settings from Windows 7, as long as your Domain Controllers are running at least Windows Server 2003 with Service Pack 1. But remember, in these scenarios you’ll only be able to create and modify Windows 7 Group Policies from a Windows 7 installation…

Group Policy Preferences

Requires at least:

  • Windows Server 2003 Domain Controllers
  • Group Policy Management Console (GPMC) on Windows Vista SP1 / Windows 7

Also, in contrast to Windows XP, Windows Vista and Windows 7 come with Group Policy Preferences built-in. The Group Policy Preferences are hard to deploy on Windows XP (because you need to deploy the Group Policy Preferences Client Side Extensions package) and Windows Vista RTM (because it lacks the Group Policy Management Console). From Windows Vista SP1 onwards, you’ll have a blast using Group Policy Preferences.

Using Group Policy Preferences, you can quickly and as granular with Group Policies settings, create or delete files, folders and shortcuts, map network shares, edit the registry, set the administrator password and set a lot of options in the Control Panel. The options are even more lavish than Group Policy settings. Ultimately, using Group Policy Preferences you don’t need to use startup/login scripts anymore.

One downside of Group Policy Preferences, is the settings are not enforced. Where Group Policy Settings grey out the settings for a user, Group Policy Preferences allow the end user to change the setting afterwards.

Series Navigation

Getting your Active Directory ready for Windows 7, Part 2 >>

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.