Windows 10 brought new options for managing endpoints. As the latest version of Windows Server is version 2012 R2 for now, we need a workaround the time new Windows Server 2016 will come up. The pack containing Windows 10 ADMX templates allows to control which features and functions are activated on Windows 10 computers. For your information there is 2101 new settings for Windows 10 in those ADMX files….
If you have a domain managed by a domain controler which does not have a clue that some Windows 10 boxes are now part of a domain, how do you manage those systems? There is a new browser Edge. Or another example – Microsoft OneDrive for storage. You may want to prevent users to use OneDrive for storing enteprise documents by disabling completely OneDrive. You can manage those configs through GPO.
With Windows Server 2012 R2, you need to import Windows 10 ADMX file into a specific folder that you'll have to create. When the 2012R2 was released (in 2013) Windows 10 wasn't born just yet. To use those .ADMX files in Windows Server 2012R2, you must create a Central Store in the SYSVOL folder on a Windows domain controller.
The Central Store is a file location that is verified by the Group Policy tools. The Group Policy tools use any .ADMX files that are in the Central Store. The files that are in the Central Store are later replicated to all domain controllers in the domain.
How-to Import Windows 10 ADMX into Windows Server 2012 R2 Domain – The steps:
Step 1: First thing to do is to create a Central store at C:\windows\sysvol\<your_domain>\policies
There you create a folder named PolicyDefinitions
Step 2: The next step is to download and import the Windows 10 ADMX files. So after downloading > Run the MSI package to install it > Copy all ADMX files from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions to the Central store folder called PolicyDefinitions you just created.
(Note: copy also the folder as on the image below – depending of the language you're managing – In my case I copied the en-US, but you may run your DC in different language, then you might want to pickup different one. In any case, if the folder isn't copied you'll find yourself with bunch of errors when wanting to edit new GPOs).
*********************************************************************
Shop for vSphere licenses at VMware Store:
- vSphere Essentials Plus – vMotion, HA… 3 Hosts, vCenter
- vSphere Essentials – 3 Hosts, vCenter
- vSphere Standard – Per Physical CPU license
*********************************************************************
Step 3: Go to your Group Policy Management Console (gpmc.msc ) and create new GPO for your Windows 10 endpoints > Then Right Click > Edit
The new options will show up under Computer configuration > Policies. There is completely new branch called “Administrative Templated: Policy Definitions (ADMX files) retrieved from the central store”. The central store that you have created at the beginning of this post.
That's it. You can then find the setting you want to disable and hook this GPO to the container where your Windows 10 desktops are located….
In this example I refuse all cookies in Microsoft Edge browser, but as I mentioned at the beginning of this post, there is over 2000 settings….
Refresh the GPO by running “gpupdate /force” from command line > Done.
Let me get back to systems which are not part of a domain. There is a second option for users that do not wont to go through the Group Policy console.
Option 2: For isolated systems you might also disable the settings via a registry key
The associated registry key, located at:
“HKLM\Software\Policies\Microsoft\Windows\CloudContent,” value “DisableWindowsConsumerFeatures.”
Set that value to 1 and you won’t get the extra apps.
Source: Microsoft
Super duper useful compared to the Microsoft Technet article!!!
Thank you Vlad!
thank for sharing
Grata pelo conteúdo. Obrigada por compartilhar dicas tão boas.
Thank you for sharing all this.franck alves
Nice, thank for sharing
Thanks for sharing
It’s not working for me. I copied all the files from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions to c:/Windows/sysvol/sysvol/trm96.local/policies/policydefinitions
When I create a new GPO it does not show me “Administrative Templated: Policy Definitions (ADMX files) retrieved from the central store”
You have to copy the folder en-US (or whatever language you want) and all the content in the root folder of the C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions
TO
c:/Windows/sysvol/sysvol/trm96.local/policies/policydefinitions
How can I add ADMX for Windows 10 on top of an old ADMX? Do I need to replace the files on the central store ?
Superb info…..
Thanks for sharing….
Straight to the point. I followed the instructions step by step and was able to get it properly at first attempt. People please follow the instructions carefully, read the steps and pay attention to details… All you need to know about installation is in the article above…
THANK YOU VERY MUCH VLADAN for this instruction.
ONE THING from me:
As of today, when you click the link to download there are 2 files offered from Microsoft
Windows10_Version_1511_ADMX.msi
Windows10-ADMX.msi
You need only one of THEM and it seems that the Version_1511_ADMX is the newer one (I installed both and then compared the versions’ dates and number of files in the installed folder to draw this conclusion)
Thanks mate.
Hi,
Thanks for this, can you please explain how i can add windows 10 admx when already i have win 7 admx what i found
To create a Central Store for .admx and .adml files, create a new folder that is named PolicyDefinitions in the following location (for example) on the domain controller:
\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions
When you already have such a folder that has a previously built Central Store, use a new folder describing the current version such as:
\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions-1803
Copy all files from the PolicyDefinitions folder on a source computer to the new PolicyDefinitions folder on the domain controller.
Has any1 tried and share some info for me please.
For a domain with 2 domain controller the folder for new policy is \\domain.local\SYSVOL\domain.local\policies