The default setup of Windows Active Directory is no central store. A central store is a central place to store your group policy definitions. If you only have one domain controller and make all your GPOs (Group Policy Objects) on that domain controller this likely wouldn’t be much of a problem.
The limitations start to show their faces when you have a second domain controller or you use a different system to make your GPOs. They also show up if you import GPOs that were build using newer group policy definitions. If you want to know how to import GPOs from another system I detailed the full process in a post called GPO Export and Import.
When you create or edit a GPO with the Group Policy Management Editor it checks to see if it can find a central store, if it can’t find one or if none exist it uses the group policy definitions from your computer which are stored in C:\Windows\PolicyDefinitions
.
Here’s how to create an Active Directory Central Store for all your group policy definitions on your domain.
- Create a PolicyDefinitions folder in SYSVOL Policies. In my example my domain is called testing.local so the path I need to create the PolicyDefinitions folder in is
\\testing.local\SYSVOL\testing.local\Policies
- Copy the contents of
C:\Windows\PolicyDefinitions
into thePolicyDefinitions
folder we just created.
In my example I am copying C:\Windows\PolicyDefinitions
to \\testing.local\SYSVOL\testing.local\Policies\PolicyDefinitions
- Now when we create or edit a GPO it will use the central store to get the group policy definitions.
Now all systems on the domain will be using the same set of policy definitions.
That is all it takes to make an Active Directory Central Store.
If you want to read more about the Central Store you can do so by reading Microsoft’s documentation about it.