Windows 10, Windows Server

Automate Administrative Templates to Central Store

🛠️ Keeping Group Policy Templates Updated

If you’re a sysadmin like me, you know how powerful Microsoft’s Group Policy Management features are in a Windows Server environment where Active Directory is implemented. Keeping Group Policy templates up to date is essential for maintaining control and resolving issues within your domain.

📄 Official Documentation | Third-Party Templates

Microsoft provides official documentation detailing how to manually update Administrative Template (.ADMX) files on your Domain Controllers (DCs) or Primary Domain Controller (PDC). These templates can be downloaded from Microsoft’s site.

Also keep in mind that third-party software vendors — such as Google Chrome and Mozilla Firefox — offer their own ADMX templates. These are incredibly useful for managing and enforcing settings across your environment.

I’ve included links to the main three browsers but a script improvement idea is to import those with PowerShell also.

⚙️ Automating the Update Process with PowerShell

After manually installing these templates several times, I got tired of the repetitive steps and created a PowerShell script to automate the process.

⚠️ Note: This script was quickly adapted for this post and hasn’t been fully retested. However, the core logic has been used successfully in production. It’s designed not to overwrite your existing templates.

Feel free to reach out if you encounter issues or have suggestions — happy to collaborate or refine it further!

PowerShell
# Define the URL of the file to download.
$URL = "https://download.microsoft.com/download/8/e/1/8e1c2d4e-9126-4096-8b84-36aa9f524b47/Administrative%20Templates%20(.admx)%20for%20Windows%2011%20July%202023%20Update%20V3.msi"

# Make directory.
New-Item -Path 'C:\TEMP' -ItemType Directory -Force -WarningAction SilentlyContinue -ErrorAction SilentlyContinue | Out-Null

# Define the destination folder to extract to.
$Destination = "C:\TEMP"

# Download the file from the URL.
$DownloadPath = Join-Path $Destination "Administrative_Templates_for_Windows_11_July_2023_Update_V3.msi"
Invoke-WebRequest -Uri $URL -OutFile $DownloadPath

# Install the file from the URL.
Start-Process "Administrative_Templates_for_Windows_11_July_2023_Update_V3.msi" -WorkingDirectory "C:\TEMP" -ArgumentList "/Quiet" -PassThru

# Copy policy templates to SYSVOL location.
Copy-Item -Path "C:\Program Files (x86)\Microsoft Group Policy\Windows 11 July 2023 Update V3 (22H2)\PolicyDefinitions" -Destination "C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions_Win11-22H2-v3" -Recurse -Force

# Check for copied folder then rename and apply.
$Folder = 'C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions_Win11-22H2-v3'
"Test to see if folder [$Folder] exists"
if (Test-Path -Path $Folder) {
    Rename-Item -Path "C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions" -NewName "PolicyDefinitions_old" -Force
    Rename-Item -path "C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions_Win11-22H2-v3" -NewName "PolicyDefinitions" -Force
    GPUpdate /Force
} else {
    "An error has occured."
}

# Cleanup
Remove-Item -Path "C:\TEMP\Administrative_Templates_for_Windows_11_July_2023_Update_V3.msi" -Force

✅ Conclusion

Keeping your Group Policy templates current is a simple but critical step in maintaining a secure and well-managed Windows environment. Whether you’re updating manually or automating the process with PowerShell, staying proactive ensures your policies reflect the latest capabilities and compliance needs.

🌿 Final Thoughts

Don’t hesitate to adapt or improve the script to suit your environment — and as always, test in a safe environment before deploying to production.

/0 Comments/by
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *