Several of the new features in Windows 7 are enabled exclusively through Group Policy. Examples include AppLocker, location-aware printing, and the new federated search feature that allows Windows Search to point to a SharePoint document library. Another example is the new BranchCache feature; this too can only be enabled through Group Policy. And perhaps one of the most anticipated features in Windows 7, BitLocker backup to Active Directory, can only be enabled through Group Policy. For an exhaustive reference of what is new in Windows 7 Group Policy, Microsoft released a reference guide in Excel format on September 2nd.

Therefore, it is important that organizations know that they must first manually copy the new ADMX and ADML files from a Windows 7 workstation to their domain controller before they can actually take advantage of and configure any of these new features. This is a change in behavior, because with Windows XP, you could simply launch the Group Policy Management Console (GPMC) from the XP host and it would automatically update the .adm files on the domain controller. Beginning with Vista, this no longer happens, by design, to reduce network traffic.

One question I am often asked is whether there are any specific requirements for domain controllers. For example, can I take advantage of the settings in Windows 7 Group Policy if I still have Windows 2003 domain controllers? The answer is yes. You simply need to manually create a directory, known as the Central Store, inside the sysvol folder on any domain controller, and then manually copy the ADMX and ADML files from any Windows 7 desktop to that folder (this is the same procedure listed for Vista in KB 929841). Then, File Replication Service (FRS) faithfully copies those files to the other domain controllers. Since these are just files being copied around, it does not matter what operating system or domain functional level the domain controllers are running.

How do Windows 7 and Windows Vista deal with non-ADMX (regular ADM) files? They will continue to consume any custom ADM files found in a GPO, but they will ignore the system ADM files. You can still add ADM files to a GPO created from an ADMX template.

There are 296 files (about 7MB) that need to be copied from:

c:\Windows\PolicyDefinitions

to

\\yourDC\admin$\SYSVOL\sysvol\yourDomainName\Policies\PolicyDefinitions

That’s it. Now, when you launch GPMC, you’ll see the new BitLocker Backup to AD settings:

[Screenshots: BitLocker Backup to AD settings in GPMC]

BranchCache GPO Setting:

[Screenshot: BranchCache GPO setting in GPMC]
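The copy step described above can be scripted and then checked, so that a partial copy does not leave the Central Store with ADMX files that lack their ADML language files. This is an added example, not part of the original post; `yourDC` and `yourDomainName` are the page's own placeholders, and `Get-TemplateInventory` is a hypothetical helper defined in the script.

```powershell
# Added example: populate the Central Store, then verify what landed in SYSVOL.
# 'yourDC' and 'yourDomainName' are the page's placeholders; substitute real values.
param(
    [string]$DC     = 'yourDC',
    [string]$Domain = 'yourDomainName',
    [string]$Source = (Join-Path $env:SystemRoot 'PolicyDefinitions')
)

$dest = "\\$DC\admin`$\SYSVOL\sysvol\$Domain\Policies\PolicyDefinitions"

# Hypothetical helper: list every .admx/.adml under a root as relative path + size.
function Get-TemplateInventory([string]$Root) {
    $base = (Get-Item -LiteralPath $Root).FullName.TrimEnd('\')
    Get-ChildItem -LiteralPath $base -Recurse |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.adm[xl]$' } |
        ForEach-Object {
            New-Object PSObject -Property @{
                RelativePath = $_.FullName.Substring($base.Length + 1)
                Length       = $_.Length
            }
        }
}

$sourceFiles = @(Get-TemplateInventory $Source)
if ($sourceFiles.Count -eq 0) { throw "No ADMX/ADML files found under $Source" }

# /S copies the language subfolders that hold the .adml files;
# /XO skips any file that is already newer in the Central Store.
robocopy $Source $dest *.admx *.adml /S /XO | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

# Entries marked '<=' exist on the workstation but are missing from, or a
# different size in, the Central Store.
$destFiles = @(Get-TemplateInventory $dest)
$missing = @(Compare-Object $sourceFiles $destFiles -Property RelativePath, Length |
    Where-Object { $_.SideIndicator -eq '<=' })

"{0} template files on workstation, {1} in Central Store" -f $sourceFiles.Count, $destFiles.Count
if ($missing.Count -gt 0) {
    $missing | Select-Object RelativePath, Length
    throw "Central Store is missing or differs on $($missing.Count) file(s)"
}
```

The workstation count printed at the end can be compared with the 296 files mentioned above; a larger count in the Central Store usually just means it also holds templates from other sources.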