Score:0

When I add the "Edge Policies" to my DC, my other GPOs go missing

ve flag
Tim

I followed the steps in the link below to install the Edge policy templates into Active Directory.

https://pureinfotech.com/install-microsoft-edge-group-policy-templates-windows-10/

However, after doing so, I am noticing that all of my other policy templates are missing from GPO. For example, I am no longer able to see Control Panel, Desktop, Network, Shared Folders, etc.

What is the correct way to import custom policies into AD without overriding all of the other policy templates?

EDITED TO PROVIDE MORE INFORMATION (see below):

Before I add the Edge-related ADMX files under the SYSVOL Central Policy share, when I expand User Configuration > Policies > Administrative Templates, I see the following: enter image description here Following the instructions in the above-linked article, I need to create a PolicyDefinitions folder under \\domain-controller\SYSVOL\Policies and then drop in the ADMX files. After doing that, below is what I see (note that the Software Settings, Windows Settings and other folders are all now missing): enter image description here I've seen a few articles online saying you just need to copy the files under C:\Windows\PolicyDefinitions to the Central Policy store. Before blindly following those instructions, I wanted to get information from the community if I'm importing these Edge-related ADMX properly or if there is another way to import these Edge-related ADMX files so that it doesn't "overwrite"/hide the other policies as shown in the screenshots above.

Massimo avatar
ng flag
Where exactly are you doing this? As in, on which machine?
Massimo avatar
ng flag
Also, do you have a central policy store in your domain? (See here if you don't know what it is: https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/create-and-manage-central-store)
ve flag
Tim
I am adding this to the domain controller. Dropping the Edge ADMX files into the \\primary-domain-control\sysvol\domain-name\policies\policydefinitions directory.
ve flag
Tim
I am familiar with the Central Policy store, yes. But what's not clear to me is what happens when over time when new policy settings get introduced by Microsoft through Windows Updates. Do I need to keep copying all of the ADMX files from the DC's `C:\Windows\PolicyDefinitions` folder into the SYSVOL after each Windows Update?
Massimo avatar
ng flag
Yes, the central store needs to be updated manually.
Massimo avatar
ng flag
Anyway, dropping additional ADMX files into the central store *is* the correct way to add new administrative templates to the domain, and it should definitely *not* mess with already existing templates. I am at a loss to understand why this happens in your environment.
ve flag
Tim
@Massimo, I've edited my original post to provide more details. For clarity, are you saying moving forward, I always need to remember to copy the contents of `C:\Windows\PolicyDefinitions` into the Central Policy Store? I presume that needs to be done after patching?
cn flag
@user1913559: You were not previously using the Central Policy Store. When you created the directory and copied those few files, you switched over to using the Central Policy Store. If that is what you want to do, you need to copy **ALL** your files from C:\Windows\PolicyDefinitions into the Central Policy Store.
Score:0
ng flag

Following the instructions in the above-linked article, I need to create a PolicyDefinitions folder under \\domain-controller\SYSVOL\Policies and then drop in the ADMX files.

According to this comment, you did not have a Central Policy Store before (which is perfectly legit, because it doesn't exist by default and you need to create it manually).

When you create the CPS, you must populate it; you do that by copying into it all the default ADMX templates for the most recent Windows version. You can get them either from the most up-to-date Windows computer in your environment, or (better) by downloading them from here.

After the CPS is created and populated with the default templates, you can add your own ones; they are available for lots of applications, including Edge and Office.

What you did wrong was creating a CPS and populating it only with the Edge templates; when you created the CPS, all GPMCs in the domain switched from using the local templates to those in the CPS... but your CPS only contains the templates for Edge, thus all the default ones are missing.

Solution: add the base ADMX templates to your CPS, and everything should work correctly.


In reply to your comment: yes, if you use the CPS, you need to update it manually whenever a new set of ADMX templates is released, either for Windows or for any additional application.

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.