I just got done explaining to a friend that I don’t focus on technology stuff on my blog, and here I go blabbering about technology stuff. Oh well.
One of the first things I do when building out a new POC lab is to prepare the AD side. In most cases, I run a set of PowerShell scripts to create and configure the Forest and Domain, and then the sites, site links, subnets, OU’s, user accounts, service accounts, security groups, and so on. I usually make factory machine sounds while the script churns away, just to annoy my dog.
After that, since I’m often working with Windows 10 and Office 365, I need to insure the latest ADMX/ADML templates are in place.
ADMX files are essentially the framework for the Group Policy Object settings themselves, while the ADML files are the associated language-specific files to interface with the administrative and deployment side (GPMC, GPEDIT, etc.)
There’s a lot of content already on doing these individually, but since I do them together most of the time, I thought I’d jot down the process in one chunk. Enjoy!
- Create the Group Policy Central Store
- Download the ADMX template packs
- Install the ADMX templates to separate folders
- Copy the ADMX and ADML files to the PolicyDefinitions folder
- Verify the updates
1. Create the Group Policy Central Store
If you already have this, skip over to step 2. A central store is basically a folder that is automatically read by the Group Policy environment for a given domain. The main policy store is under the SYSVOL share on your domain controller. Creating this appended folder set is easy:
- Log onto the domain controller
- Copy the C:\Windows\PolicyDefinitions folder
- Paste the PolicyDefinitions folder under C:\Windows\SYSVOL\domain\Policies\
2. Download the ADMX templates for Windows 10
- If you already did this, skip over to step 3
- Download for Windows 10 1511 (latest as of now) – link
- Download for Office 2016 (latest as of now) – link
- Be sure to select the correct type: 32-bit or 64-bit based on which Office configuration you’re deploying.
3. Install the ADMX templates to separate folders
- If you already did this, skip over to step 4
- Open each of the ADMX installers, and specify a target folder for extracting the files.
- For this example, I specified C:\Windows10ADMX and C:\OfficeADMX for each.
4. Copy the ADMX and ADML files to the PolicyDefinitions folder
- If you already did this, skip over to step 5.
- Open both folders in separate, adjacent Explorer windows to have them side-by-side.
- In one window (aka “source”), navigate to C:\Windows10ADMX\PolicyDefinitions.
- In the other, navigate to the Policy Central Store (e.g. c:\windows\sysvol\domain\policies\PolicyDefinitions) (aka “target”)
- Copy *.ADMX files from the “source” window and paste into the “target” window. Choose Yes to overwrite matching files (if prompted)
- In the “source” window, select the language sub-folder (e.g. “en-us”) to show the nested .ADML files within it.
- In the “target” window, select the same language sub-folder.
- Copy the *.ADML files from “source” to “target”. Choose Yes to overwrite if prompted.
- Repeat this process for the C:\OfficeADMX\admx folder (*.admx files) and the appropriate .ADML sub-folder.
5. Verify the updates
- If you already did this, skip over to, wait a minute? WTF are you reading this for? Okay, never mind, read on…
- On a domain controller or from your client computer: Open GPMC.
- Edit (or Create) a Group Policy Object.
- Expand Computer Settings / Policies / Administrative Templates.
- If you don’t get prompted for warnings about missing items, you’re halfway there.
- You should see “retrieved from the central store” on the end of the “Administrative Templates” entry.
- Expand “Microsoft Office 2016 (Machine)”
- Select “Updates”
- Verify that it contains settings in the right-hand panel. For example, “Office 365 Client Management”
Identify someone within your organization who absolutely does not want Office 2016 on their computer. Prepare a deployment in Configuration Manager for Office 2016 and target their computer. In fact, target their user account and all devices. Enjoy!
Disclaimer: don’t actually do this, unless you’re the CEO.
After all this, I usually run a few more steps, such as creating central shares for Features-on-Demand (or “FOD”) for each Windows SKU in the environment. Follow that with a few GPO settings to insure they apply to all devices in the lab. Then create some folders and shares for application packages, updates, scripts and utilities.