GPO: Central store

Windows Server 2012R2  Windows Server 2016  Windows Server 2019

Presentation of the central store

The central store makes it possible to share and synchronize all of the Group Policy Definition (ADMX) files on all of the domain controllers by relying on the SYSVOL folder.

By default the ADMX files are in the C:\Windows\PolicyDefinitions folder which is specific to each domain controller.

Default definitions storage folder

It is also possible to check via the Group Policy Management Editor console where ADMX files are loaded.

Verification via the store editor

Benefits of using a central store

Using a central store will allow the same definitions to be used on all domain controllers regardless of the version of Windows Server.

For example, in an environment where one has a DC under Windows Server 2008R2 and another with Windows Server 2016, the definitions for the group policies which applies to Windows 10 will be available only on the controller in 2016 unless have copied files from one server to another.

The use of the central store makes it possible to solve this problem, it is however necessary to think of updating it regularly.

The second interest is when you want to add group policy definitions like those for Office, without a central store, you would have to install them on all domain controllers in the folder: C:\Windows \PolicyDefinitions.

In an environment with 2 or 3 domain controllers, it can be possible to do it manually despite a risk of error or forgetfulness, but in an environment with several dozen controllers this task can empty become time consuming with a risk of forget it.

The third benefit I see at the central store is when you add a domain controller to the Active Directory environment, it automatically retrieves the definitions.

As any “good computer scientist is lazy”, we will choose to set up a central store.

Configure the central store for Group Policy definitions

1. Log on to one of the domain controllers.

2. Create a PolicyDefinitions 1 folder in the following network location: \ your-dc \ SYSVOL \ your-domain \ Policies.

Creation of the folder for the central store

3. Open the Group Policy Management Editor console and check that you have passed through the central store.

Verification via the editor of the use of the central store

If you open the folder you will realize that it is empty, like the folder that we created in step 2.

4. Copy the contents of the C:\Windows\PolicyDefinitions folder to \\ your-dc\SYSVOL\your-domain\Policies\PolicyDefinitions.

Copy local definitions to central store

5. Go back to the Group Policy Management Editor console, check the Group Policy settings are available 1. You may need to refresh (Actions / Refresh) the console to see them.

Definitions from the central store

Related Posts

Active Directory : add a UPN suffix

SummaryPresentationAdd a UPN suffixAssign the suffix to a user accountConsole : Users and Computers Active Directory Active Directory Administration Center : ADACUPN suffix routingRouting when setting

Active Directory: Migrate SYSVOL Folder from FRS to DFSR

Presentation Since Windows Server 2008 and its 2008 domain functional level, replication of the SYSVOL folder is supported by DFSR, before it was done by FRS. If your domain controllers are running Wi

Active Directory: Add a Domain Controller to PowerShell

Table Of ContentsIntroductionPrerequisitesInstalling the ADDS role in PowerShellDomain Controller Promotion in PowerShellComplements Introduction In this tutorial, we will see how to add an Active Dir