GPO: Central store

Presentation of the central store

The central store makes it possible to share and synchronize all of the Group Policy Definition (ADMX) files on all of the domain controllers by relying on the SYSVOL folder.

By default the ADMX files are in the C:\Windows\PolicyDefinitions folder which is specific to each domain controller.

Default definitions storage folder

It is also possible to check via the Group Policy Management Editor console where ADMX files are loaded.

Verification via the store editor

Benefits of using a central store

Using a central store will allow the same definitions to be used on all domain controllers regardless of the version of Windows Server.

For example, in an environment where one has a DC under Windows Server 2008R2 and another with Windows Server 2016, the definitions for the group policies which applies to Windows 10 will be available only on the controller in 2016 unless have copied files from one server to another.

The use of the central store makes it possible to solve this problem, it is however necessary to think of updating it regularly.

The second interest is when you want to add group policy definitions like those for Office, without a central store, you would have to install them on all domain controllers in the folder: C:\Windows \PolicyDefinitions.

In an environment with 2 or 3 domain controllers, it can be possible to do it manually despite a risk of error or forgetfulness, but in an environment with several dozen controllers this task can empty become time consuming with a risk of forget it.

The third benefit I see at the central store is when you add a domain controller to the Active Directory environment, it automatically retrieves the definitions.

As any “good computer scientist is lazy”, we will choose to set up a central store.

Configure the central store for Group Policy definitions

1. Log on to one of the domain controllers.

2. Create a PolicyDefinitions 1 folder in the following network location: \ your-dc \ SYSVOL \ your-domain \ Policies.

Creation of the folder for the central store

3. Open the Group Policy Management Editor console and check that you have passed through the central store.

Verification via the editor of the use of the central store

If you open the folder you will realize that it is empty, like the folder that we created in step 2.

4. Copy the contents of the C:\Windows\PolicyDefinitions folder to \\ your-dc\SYSVOL\your-domain\Policies\PolicyDefinitions.

Copy local definitions to central store

5. Go back to the Group Policy Management Editor console, check the Group Policy settings are available 1. You may need to refresh (Actions / Refresh) the console to see them.

Definitions from the central store


Related Posts


Active Directory: authentication policy

Table Of ContentsPresentation of authentication policiesPrerequisites for using authentication policiesManagement of authentication policiesAuthentication strategy: limit the connection on computer /

GPO: Deploy a certificate

Presentation In this tutorial, we will see how to deploy a certificate on computers using a GPO. Some cases where you may need to distribute a certificate: Internal Certification Authority Appliance c

Active directory: How to set up a child domain

In this tutorial, we will see how to put a child domain in an Active Directory tree. A child domain is a subdomain of one of the component domains in your Active Directory forest. Subdomain segmentati