Updated 1/19/2018 for Windows 10 1709, Office 365 Pro Plus and Windows Server 2016

I just got done explaining to a friend that I don’t focus on technology stuff on my blog, and here I go blabbering about technology stuff.  Oh well.

One of the first things I do when building out a new POC lab is to prepare the AD side. In most cases, I run a set of PowerShell scripts to create and configure the Forest and Domain, and then the sites, site links, subnets, OU’s, user accounts, service accounts, security groups, and so on.  I usually make factory machine sounds while the script churns away, just to annoy my dog.

After that, since I’m often working with Windows 10 and Office 365, I need to insure the latest ADMX/ADML templates are in place.

ADMX files are essentially the framework for the Group Policy Object settings themselves, while the ADML files are the associated language-specific files to interface with the administrative and deployment side (GPMC, GPEDIT, etc.)

There’s a lot of content already on doing these individually, but since I do them together most of the time, I thought I’d jot down the process in one chunk. Enjoy!


  1. Create the Group Policy Central Store
  2. Download the ADMX template packs
  3. Install the ADMX templates to separate folders
  4. Copy the ADMX and ADML files to the PolicyDefinitions folder
  5. Verify the updates


1. Create the Group Policy Central Store

If you already have this, skip over to step 2.  A central store is basically a folder that is automatically read by the Group Policy environment for a given domain.  The main policy store is under the SYSVOL share on your domain controller.  Creating this appended folder set is easy:

  • Log onto the domain controller
  • Copy the C:\Windows\PolicyDefinitions folder
  • Paste the PolicyDefinitions folder under C:\Windows\SYSVOL\domain\Policies\

2. Download the ADMX templates for Windows 10

  • If you already did this, skip over to step 3
  • Download for Windows 10 build 1709 (latest as of now) – link
  • Download for Office 365 Pro Plus / 2016 (latest as of now) – link
    • Be sure to select the correct type: 32-bit or 64-bit based on which Office configuration you’re deploying.
  • Download for OneDrive sync client – link
  • Download for Internet Explorer 11 – link

3. Install the ADMX templates to separate folders

  • If you already did this, skip over to step 4
  • Open each of the ADMX installers, and specify a target folder for extracting the files.
  • For this example, I specified C:\Windows10ADMX and C:\OfficeADMX for each.

4. Copy the ADMX and ADML files to the PolicyDefinitions folder

  • If you already did this, skip over to step 5.
  • Open both folders in separate, adjacent Explorer windows to have them side-by-side.
    • In one window (aka “source”), navigate to C:\Windows10ADMX\PolicyDefinitions.
    • In the other, navigate to the Policy Central Store (e.g. c:\windows\sysvol\domain\policies\PolicyDefinitions) (aka “target”)
    • Copy *.ADMX files from the “source” window and paste into the “target” window. Choose Yes to overwrite matching files (if prompted)
  • In the “source” window, select the language sub-folder (e.g. “en-us”) to show the nested .ADML files within it.
    • In the “target” window, select the same language sub-folder.
    • Copy the *.ADML files from “source” to “target”.  Choose Yes to overwrite if prompted.
  • Repeat this process for the C:\OfficeADMX\admx folder (*.admx files) and the appropriate .ADML sub-folder.

5. Verify the updates

  • If you already did this, skip over to, wait a minute?  WTF are you reading this for?  Okay, never mind, read on…
  • On a domain controller or from your client computer: Open GPMC.
  • Edit (or Create) a Group Policy Object.
  • Expand Computer Settings / Policies / Administrative Templates.
  • If you don’t get prompted for warnings about missing items, you’re halfway there.
  • You should see “retrieved from the central store” on the end of the “Administrative Templates” entry.
  • Expand “Microsoft Office 2016 (Machine)”
  • Select “Updates”
  • Verify that it contains settings in the right-hand panel.  For example, “Office 365 Client Management”

6. Bonus

Identify someone within your organization who absolutely does not want Office 2016 on their computer.  Prepare a deployment in Configuration Manager for Office 2016 and target their computer.  In fact, target their user account and all devices.  Enjoy!

Disclaimer: don’t actually do this, unless you’re the CEO.

Post Mortem

After all this, I usually run a few more steps, such as creating central shares for Features-on-Demand (or “FOD”) for each Windows SKU in the environment.  Follow that with a few GPO settings to insure they apply to all devices in the lab.  Then create some folders and shares for application packages, updates, scripts and utilities.

Cheers! 😀


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s