[German]I'm going to post a topic here on the blog that affects administrators of Windows systems in companies. How do you actually make sure that the central ADMX store for Windows group policies always stays up to date and can be restored in case of corruption? Without up-to-date ADMX files in the store, group policies can't really be used efficiently.
Advertising
It's imho a problem that didn't exist like this before Windows 10 and Microsoft's as-a-service approach with other products like Office or Edge, etc. You only had to update the ADM(X) files at long intervals. The constant Windows 10/11 feature updates and updates to other Microsoft products mean that the ADMX files are constantly changing. Without an up-to-date ADMX store, group policies that have been newly introduced with a feature update or a new software version are not available.
For non English Windows admins, another problem is that Microsoft itself cannot keep up with its pace. After all, the ADMX policy templates have to be localized. Currently, I have no direct overview of the status, since I do not practically work as an administrator in an enterprise environment. But I know from personal communications last year with consultants working in the Microsoft environment that there were many localization issues with ADMX files.
Backup and update of the Windows ADMX Store
Blog reader Karl got me thinking about the topic for this blog post on Twitter. Karl supports various business customers with Windows systems. It is important to have an updated ADMX store for Windows in a central location. And to be able to react quickly in case of a disaster, backups for recovery are also important. Karl puts this up for debate in the following tweet.
The short message is actually quite unspectacular: remember to update the centralized ADMX store regularly and don't fail to keep all ADMX files up to date. This is the only way you can use the potential of the latest group policies.
Advertising
Actually, it goes without saying when you think about it. But it's a thankless job, because this is a white spot for Microsoft. To my knowledge there is no mechanism to keep the ADMX store files up to date and backup them if necessary. How do you guys actually solve it this way?
Wolfgang Sommergut has published this article on 4sysops.com, which deals with how to create a central ADMX store and keep it up to date if necessary. From Ali Tarjan there is this article with hints on how to build a "Central Store" for Group Policy Templates (ADMX). And on deploywindows.com there is this article with hints on how to update GPO template files. Might be well known to administrators, but it looks a lot like "manual work" to me, though.
A suggested solution
That Twitter can be a helpful medium, proves itself also in this case. Dennis Mohrmann points in this tweet to a script (EverGreenAdmx), which should at least keep the ADMX files up to date.
Msfreaks has provided the script in question on GitHub and writes: After setting up several Windows virtual desktop environments, I decided I didn't want to manually download the admx files I needed, and I wanted a way to keep them up to date.
The script in question solves both problems: it checks for newer versions of the existing Admx files, and processes the new version if found Optionally copies the new Admx files to the Policy Store or Definition folder, or to a folder of choice. The PowerShell script can be downloaded and run in any folder or installed from the PowerShell Gallery with the following command:
Install-Script -Name EvergreenAdmx
On GitHub, msfreaks writes that he runs the script daily and gives the command in question. It also lists the Microsoft products whose ADMX files are updated by the script. But I can't judge if the script does what Karl or you need. But maybe the topic is helpful for you.
