We have an Active Directory-based LAN, with Windows 10 clients version 21H1. AD is Server 2019-based. Having recently migrated this network from Server 2003, I'm still trying to get the hang of how things work. I'm overenjoyed by what I can do with ADM(X) templates in my group policies, however I'm not sure on how I should include newer Windows 10 templates on my servers.
So far I have created a central store under SYSVOL as per the instructions in https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/create-and-manage-central-store
Seems to work like a charm. However, there are certain features of 21H1 that I can not control via GPOs (for example, the news app) since there are no templates on server 2019 that correspond to the newer Windows 10 versions' features.
My question is which is the more safe/robust way to be able to "view" and control via GPOs new Windows versions' features?
I figure there might be two approaches here:
Approach 1: According to the link above, an approach one might follow is to first copy the \Windows\PolicyDefinitions directory from a 21H1 Windows 10 installation (which holds the 21H1-updated templates) to the domain SYSVOL with a different name, say PolicyDefinitions-21H1 (since a PolicyDefinitions directory already exists). Till this point I understand things clearly. It's the next steps that got me lost:
[...]
When you have copied all .admx and .adml files, the PolicyDefinitions
folder on the domain controller should contain the .admx files and one
or more folders that contain language-specific .adml files.
Note
When you copy the .admx and .adml files from a Windows 8.1-based or
Windows 10-based computer, verify that the most recent updates to
these files are installed. Also, make sure that the most recent
Administrative Templates files are replicated. This advice also
applies to service packs, as applicable.
When the operating system collection is completed, merge any OS
extension or application ADMX/ADML files into the new
PolicyDefinitions folder.
When this is finished, rename the current PolicyDefinitions folder to
reflect that it's the previous version, such as
PolicyDefinitions-1709. Then, rename the new folder (such as
PolicyDefinitions-1803) to the production name.
Could comeone elaborate on what exactly I should do here, in (more newbie-friendly) English? My current PolicyDefinitions in SYSVOL contains the server 2019 adm/admx/adml files, plus some templates I've included for Mozilla Firefox.
Approach 2: download and install the 21H1 admx bundle (available in MSI format from https://www.microsoft.com/en-us/download/103124) directly on the 2019 server. But I'm not certain whether this approach is both safe (I won't break something on the AD server) and sufficient (other steps needed perhaps?).
Any pointers will be appreciated.
