Windows 10 or Windows 11 GPO ADMX - Which one to use for central store
- Install a client with Windows 10 21H2 (important!) operating system and join it to your domain.
- Log on with an user with administrative rights.
- Right-click on your start menu and choose “Apps and Features”
- Choose “Optional Features”
- Choose “Add a Feature”
- Search for “RSAT: Group Policy Management Tools” and click the “Install” button.
- After successful installation you will find a “Group Policy Management” item in the “Windows Administrative Tools” folder in your start menu.
- Open your Registry Editor and add following registry value:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy
Value: EnableLocalStoreOverride
Type: REG_DWORD
Data: 1
- Restart your computer and log on with a user account that has the right to edit domain Group Policy objects.
- Run the “Group Policy Management” from your start menu and open the desired GPO for edit. The Administrative Templates should now be taken from the client’s local store instead of the central store.
Windows 10 or Windows 11 GPO ADMX - Which one to use for central store
Last Updated: 17 Jan 2022 at 10:15
Hi community,
My name is Helmut Wagensonner. I’m a Customer Engineer at Microsoft and this blog should help you to understand, which Administrative Templates (admx) to choose for your Windows 11 / Windows 10 mixed environment.
Remember how it was before Windows 11 was released? You simply downloaded the latest ADMX templates, copied it to your central store and you were able to configure all the new settings in the Group Policy editor. You did not have to think about older Windows versions because the ADMX templates were backwards-compatible. Well, they still are, but they are different now for Windows 10 and Windows 11.
As long as we support Windows 10 it could occur that new Windows 10 features are not reflected in Windows 11 ADMX files and vice versa. The table at the end of this article shows the differences between the Win10 and Win11 templates (as of Dec 16, 2021).
So what to do if you have a mixed environment of both client operating systems? Well, fact is that you can only copy one set of ADMX files to your Active Directory’s Central Store. Depending on what your future plans are, you should decide which templates fit best. If you plan to stay on Windows 10 for a while, you should choose the Windows 10 ADMX files. If you’re ready to upgrade to Windows 11 and this will become your dominating OS version (or it already is), you should copy the Windows 11 ADMX files to your Central Store.
But can you configure new Windows 10 policies if your central store contains the Windows 11 ADMX files? Well, you can! You just need to do this from a separate client. The steps below explain the approach.
Following table illustrates the differences between Windows 10 21H2 and Windows 11 21H2 ADMX files.
ADMX name Scope Setting Available only in AppPrivacy Computer Let Windows apps take screenshots of various windows or displays Windows 11 AppPrivacy Computer Let Windows apps turn off the screenshot border Windows 11 AppxPackageManager Computer Archive infrequently used apps Windows 11 AppxPackageManager Computer Do not allow sideloaded apps to auto-update in the background Windows 11 AppxPackageManager Computer Do not allow sideloaded apps to auto-update in the background on a metered network Windows 11 CloudContent Computer Turn off cloud consumer account state content Windows 11 CloudContent User Turn off Spotlight collection on Desktop Windows 11 ControlPanelDisplay Computer Prevent lock screen background motion Windows 11 DataCollection Computer Limit Diagnostic Log Collection Windows 11 DataCollection Computer Limit Dump Collection Windows 11 DeliveryOptimization Computer Discovery Mode: Local Discovery Windows 11 DnsClient Computer Configure DNS over HTTPS (DoH) name resolution Windows 11 EAIME User Configure Korean IME version Windows 11 FileSys Computer Enable NTFS non-paged pool usage Windows 11 FileSys Computer NTFS parallel flush threshold Windows 11 FileSys Computer NTFS parallel flush worker threads Windows 11 FileSys Computer Configure NTFS default tier Windows 11 Globalization Both Restrict Language Pack and Language Feature Installation Windows 11 InetRes Both Replace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC. Windows 11 Netlogon Computer Use lowercase DNS host names when registering domain controller SRV records Windows 11 NewsAndInterests Computer Allow News and Interests Windows 11 Sam Computer Configuration settings for the Security Account Manager Windows 11 Sensors Computer Force instant Wake Windows 11 Sensors Computer Force instant Lock Windows 11 Sensors Computer Configure Lock Timeout Windows 11 StartMenu Both Locked Start Layout: Re-Apply Layout at every logon Windows 11 StartMenu Both Show or hide "Most used" list from Start menu Windows 11 TaskBar Computer Configure the Chat icon on the taskbar Windows 11 TenantRestrictions Computer Configure Cloud Policy Details Windows 11 TerminalServer Computer Enable auto-subscription Windows 11 TerminalServer Computer Do not allow location redirection Windows 11 TerminalServer Computer Allow UI Automation redirection Windows 11 WindowsDefender Computer Configure scheduled task times randomization window Windows 11 WindowsDefender Computer Define the directory path to copy support log files Windows 11 WindowsDefender Computer Configure IP Address Exclusions Windows 11 WindowsDefender Computer Turn on script scanning Windows 11 WindowsDefender Computer Allow Microsoft Defender Antivirus to update and communicate over a metered connection Windows 11 WindowsDefender Computer Configure Network Protection to be allowed to be configured into block or audit mode on Windows Server Windows 11 WindowsDefender Computer Control datagram processing for network protection Windows 11 Sandbox Computer Allow vGPU sharing for Windows Sandbox Windows 11 Sandbox Computer Allow networking in Windows Sandbox Windows 11 Sandbox Computer Allow audio input in Windows Sandbox Windows 11 Sandbox Computer Allow video input in Windows Sandbox Windows 11 Sandbox Computer Allow printer sharing with Windows Sandbox Windows 11 Sandbox Computer Allow clipboard sharing with Windows Sandbox Windows 11 WindowsUpdate <Changes in folder structure> Windows 11
ADMX name Scope Setting Available only in DataCollection Both Allow Telemetry: Enhanced Windows 10 DeliveryOptimization Computer Download Mode: Bypass Windows 10 EAIME User Turn on Live Sticker Windows 10 EAIME User Turn on lexicon update Windows 10 InetRes Both Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects Windows 10 InetRes Both Reset zoom to default for HTML dialogs in Internet Explorer mode Windows 10 MicrosoftEdge Both Suppress the display of Edge Deprecation Notification Windows 10 Printing Computer Limit print driver installation to Administrators Windows 10 TerminalServer Computer Set the Remote Desktop licensing mode: AAD per User Windows 10 WindowsDefender Computer Scan packed executables Windows 10
Further resources you might find useful:
GPO Settings Reference Spreadsheet for Windows 10 21H2
https://www.microsoft.com/en-us/down...aspx?id=103668
GPO Settings Reference Spreadsheet for Windows 11 21H2
https://www.microsoft.com/en-us/down...aspx?id=103506
ADMX templates for Windows 10 21H2
https://www.microsoft.com/en-us/down...aspx?id=103667
ADMX templates for Windows 11 21H2
https://www.microsoft.com/en-us/down...aspx?id=103507
Source: https://techcommunity.microsoft.com/...r/ba-p/3063322
Related Discussions
