Group Policy Administrative Templates contain settings that allow administrators to conveniently configure various Windows settings, components, and third-party software. In this article, we will look at how to install new administrative templates or update existing ADMX template versions on a standalone Windows computer and in an Active Directory domain.
Understanding Group Policy Administrative Templates (ADMX)
GPO Administrative Templates (ADMX files) are XML configuration files that contain settings for the Group Policy Editor. They contain definitions of various settings, describing which parameters can be configured and their valid values. Essentially, ADMX templates define the changes that must be made to the Windows registry to apply to various settings.
- Computer configuration policies make changes to registry keys
HKLM\Software\PoliciesandHKLM\Software\Microsoft\WindowsCurrentVersion\Policies - User configuration policies in
HKCU\Software\PoliciesandHKCU\Software\Microsoft\Windows\CurrentVersion\Policies
The built-in administrative template files are available on any Windows computer and can be found in the following directory C:\Windows\PolicyDefinitions. For example:
Windows Defender.admx— contains settings for managing the built-in Windows antivirus.TerminalServer.admx– settings for Remote Desktop Services (RDS licensing options, RDP session timeouts, etc.)
Third-party developers and administrators can create their own ADMX templates for their apps. ADML files are used for multilingual support in ADMX templates.
ADMX templates act as an interface that simplifies management registry options via Group Policies, making it easier for administrators to configure the same settings on all devices.
How to Update Group Policy ADMX Templates for Windows 11
As new versions of Windows are released with new features, developers can add new settings to ADMX Group Policy templates. To see the new settings in the GPO Editor, the Administrative Templates files must be updated to newer versions. If you’re running Windows Server 2019 on your domain controllers, and want to use GPO to manage new settings available for Windows 11 24H2 computers, you’ll need to update the ADMX files on the DC. These files contain the latest policy settings compatible with Windows 11 24H2, so you can apply and manage new policies for these devices.
Let’s look at how to update the administrative GPO templates on the AD domain controller to support the latest available version of Windows 11.
- A list of links to download administrative templates for all supported versions of Windows is available here https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/create-and-manage-central-store
- In the list, find the latest Windows build that is in use in your environment (in my example, this is Windows 11 2024 Update 24H2).
- Follow the link to download the MSI installer. Install
Administrative Templates (.admx) for Windows 11 Sep 2024 Update.msion any computer in the domain (there is no need to install it directly on a DC) - Copy the contents of the
C:\Program Files (x86)\Microsoft Group Policy\Windows 11 Sep 2024 Update (24H2)\PolicyDefinitionsdirectory to the central GPO store folder on the domain controller (\\woshub.com\SYSVOL\woshub.com\Policies\PolicyDefinitions). Replace (!!!) the existing files.
- Before replacing the files, be sure to back up the contents of the PolicyDefinitions directory in the SYSVOL folder on the DC (this allows you to roll back to previous versions of ADMX templates).
- There is no need to copy folders of ADML files for all the languages to the DC. Copy only the folders containing the languages you use in the GPO editor. This will reduce the size of the SYSVOL directory on the DC and reduce AD replication traffic;
- you have a computer running the new Windows 11 24H2 build, you can copy the new administrative template files from it (from
%WinDir%\PolicyDefinitions). In this case, you do not need to use the MSI installer.
- New ADMX template files in the SYSVOL directory will be automatically replicated to AD other domain controllers.
- Make sure that the GPO templates are installed correctly. Open the domain Group Policy Management Console (
gpmc.msc), create a new empty GPO, and try to edit it. Expand the Administrative Templates section. If the editor has successfully loaded all template files, the following message is displayed here:Policy definitions (ADMX files) retrieved from the central store - You can now configure new Group Policy settings and apply them to target computers.
HKLM\SOFTWARE\Policies\Microsoft\Windows). If this option is created, the GP Editor will load ADMX templates from the local %windir%\policydefinitions folder rather than from the Domain Central Store.Installing New ADMX Policy Templates for Group Policy
In the same way, you can add administrative templates for other apps (including third-party ones). For example, you want to install new administrative templates to manage Microsoft Edge browser settings via GPO.
- Go to the Microsoft Edge for business webpage(https://www.microsoft.com/en-us/edge/business/download);
- Select the Edge version, build number, and platform. Click the Get policy files button
- Extract the
MicrosoftEdgePolicyTemplates.cabfile - Go to the
\MicrosoftEdgePolicyTemplates\windows\admxfolder. Copy msedge.admx, msedgeupdate.admx, msedgewebview2.admx, and the directories containing ADML language files (for example,de-DEanden-US) to the Group Policy Central store folder on a domain controller (\\woshub.com\SYSVOL\woshub.com\Policies\PolicyDefinitions);
- Open the GPO editor console and check that there are new Administrative Templates sections for configuring Microsoft Edge browser settings.
Examples of how to install and use different ADMX GPO templates:
- Group Policy administrative templates for Microsoft Office apps (Word, Excel. Outlook, etc).
- ADMX templates for Google Chrome
- Templates for local user password management with LAPS (Local Administrator Password Solution)
- GPO templates for implementing recommended Windows security settings (Microsoft Security Baseline)
If you have multiple versions of the software that you want to manage using GPO, download and install all the ADMX files for all versions, starting with the earliest on your DC (administrative templates for the latest software version must be installed last.).
Possible errors after updating (installing) new Group Policy templates
Expanding administrative templates in the GPO Editor may cause errors:
An appropriate resource file could not be found for file yyy.admx. The system cannot find the file specified.
Namespace Microsoft.Policies.Sensors.WindowsLocationProvider is already defined as the target namespace for another file in the store.
In all of these cases, make sure you are using the latest available version of the ADMX file referenced in the error. Check that the file exists, is not corrupt, has the correct NTFS permissions, and that the corresponding ADML file is in the EN-US folder (and, optionally, in the folder for the other language, if you are using the localized Windows version). Replace ADMX/ADML files with newer versions.