[German]Are there issues managing group policies between Windows 10 and Windows 11? This is indicated by a post that came to my attention in the patchmanagement.org mailing list the other day. It says that group policies set under Windows 11 may not be able to be adjusted on Windows 10 clients in some settings. I'll post it on the blog, and ask if anyone has noticed anything similar.
Conflict with GPO management?
I put all this here in the blog post with a question mark. In the patchmanagement.org mailing list, a thread titled ADMX files Windows 10 21H2 from November 17, 2021 came under my eyes the other day. The thread starter had noticed that there are separate ADMX template files for Windows 11 21H2 and asked if he could use them for all his clients:
Before upgrading to W10 21H2 I thought I'd check for newer admx files, and instead found the Windows 11 21H2 admx templates to download. Would it make more sense/would it be safer to stay with the W10 21H1 templates or lay down the W11 21H2 templates? It sounds like they are backwards compatible, any W11 specifics just wouldn't apply for my PCs, from what I have read. Not going to Windows 11 for a little while…
or whether he should rather work under his Windows 10 clients with the admx files for this platform. I've covered this topic quite a bit below. But when I went through the discussions of the patchmanagement.org mailing list entry, the following entry by James Ferry (only visible with login) from April 10, 2022 caught my eye:
Some items are not editable on the w10 device if somebody else creates them on a w11 machine even with the same w11 version admx.
Similar happened with the ie11 settings on w8 when running on a w7 device.
Only matters if you use those settings. If it does happen they'll pop up in "other registry settings".
Basically, in the admx rules there are flags for when a setting can be shown. It doesn't take into account that an admin could be on a different type of system.
You can manually edit the value though in notepad, or if keen, just get rid of the restriction on the admx on you support PC.
The gist: If group policies for Windows 10 machines are created/maintained on Windows 11 clients, conflicts may occur. The admin in question writes that these affected policies cannot then be changed on the client under Windows 10. Only the manual adjustment via Notepad is still possible.
But this implies that administration of mixed clients (Windows 11 and older Windows versions up to Windows 10) can cause problems if GPOs are administered alternately with clients running Windows 10 and Windows 11. The question I have: Are there any administrators among the readership who can confirm this?
The poster mentions an old case that occurred between Windows 8 and Windows 7 with Internet Explorer 11 GPOs. There is also a support post Cannot edit Group Policy settings on a site in Windows from Microsoft for Windows for Windows 7 to 8.1 and the server counterparts that deals with non-editable GPO settings in mixed environments. The case however is not quite comparable and Microsoft released a fix for Windows 8.x at the time.
Windows 10/11 GPOs different
DGroup policies (GPOs) differ between Windows 11 and earlier versions up to Windows 10. Meanwhile, yes, Microsoft publishes separate ADMX files for Windows 11, Windows Server 2022, and the older Windows versions up to and including Windows 10 and the server counterparts. I had addressed this within the blog post Administrative Templates (.admx) v2.0 up to Windows 10 November 2021 Update (21H2). There is a tech communitypost (thread start January 16, 2022) by a Microsoft employee with a comparison of the GPOs for Windows 10/11 as well as subsequent user discussions. Microsoft has also created a post on the topic, which I've addressed in the blog post Windows 10/11: Which group policies should no longer be used in patch management.
Windows 10/11: Which group policies should no longer be used in patch management
Administrative Templates (.admx) v2.0 up to Windows 10 November 2021 Update (21H2)
Backup and update your central Windows ADMX store
Cookies helps to fund this blog: Cookie settings