List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] Vista GPO

Prev Next

You are not authorized to post a reply.

Page 1 of 4

Author

Messages

AD00000893 User is Offline

Posts:0

12/14/2006 12:56 PM
Anyone know what and where the GPO plugin for Win2003 on the Vista DVD is called and located? -Z.V. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

darren

Posts:164

12/14/2006 1:34 AM
What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3, unless you mean the LDIF files that are in sources\adprep on the Vista CD? -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue Sent: Thursday, December 14, 2006 9:57 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Vista GPO Anyone know what and where the GPO plugin for Win2003 on the Vista DVD is called and located? -Z.V. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

AD000001799 User is Offline

Posts:0

12/14/2006 1:51 AM
Maybe he may be referring to the location of any possible new ADM files included with Vista. -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia Sent: Thursday, December 14, 2006 10:34 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3, unless you mean the LDIF files that are in sources\adprep on the Vista CD? -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue Sent: Thursday, December 14, 2006 9:57 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Vista GPO Anyone know what and where the GPO plugin for Win2003 on the Vista DVD is called and located? -Z.V. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

AD00000893 User is Offline

Posts:0

12/14/2006 4:18 AM
Sorry. Exactly what Ben wrote. Thanks.. -Z.V. WATSON, BEN wrote: > Maybe he may be referring to the location of any possible new ADM files > included with Vista. > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia > Sent: Thursday, December 14, 2006 10:34 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3, > unless you mean the LDIF files that are in sources\adprep on the Vista > CD? > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue > Sent: Thursday, December 14, 2006 9:57 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Vista GPO > > Anyone know what and where the GPO plugin for Win2003 on the Vista DVD > is called and located? > > -Z.V. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

darren

Posts:164

12/14/2006 5:13 AM
Vista introduces a new Admin Template format called ADMX. These are found on Vista in C:\windows\policydefinitions and, unfortuately cannot be consumed by earlier versions of Windows. That is you must manage Vista GP from Vista. Darren -----Original Message----- From: "Za Vue" To: ActiveDir@mail.activedir.org Sent: 12/14/2006 1:18 PM Subject: Re: [ActiveDir] Vista GPO Sorry. Exactly what Ben wrote. Thanks.. -Z.V. WATSON, BEN wrote: > Maybe he may be referring to the location of any possible new ADM files > included with Vista. > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia > Sent: Thursday, December 14, 2006 10:34 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3, > unless you mean the LDIF files that are in sources\adprep on the Vista > CD? > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue > Sent: Thursday, December 14, 2006 9:57 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Vista GPO > > Anyone know what and where the GPO plugin for Win2003 on the Vista DVD > is called and located? > > -Z.V. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

darren

Posts:164

12/14/2006 5:49 AM
The converter (ADMX Migrator) is only meant to convert ADMs into ADMXs-- not the other way around unfortunately. Darren -----Original Message----- From: "Mark Parris" To: "ActiveDir.org" Sent: 12/14/2006 2:20 PM Subject: Re: [ActiveDir] Vista GPO www.microsoft.com/downloads has a load of the new adms and admx conversionsList info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

WLU

Posts:0

12/14/2006 6:11 AM
With Vista ADMX format, is it a better implementation to have central ADMX storage on the DCs? =============================== Weiming Lu Emory College Computing Support (404)727-7917 -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia Sent: Thursday, December 14, 2006 5:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO Vista introduces a new Admin Template format called ADMX. These are found on Vista in C:\windows\policydefinitions and, unfortuately cannot be consumed by earlier versions of Windows. That is you must manage Vista GP from Vista. Darren -----Original Message----- From: "Za Vue" To: ActiveDir@mail.activedir.org Sent: 12/14/2006 1:18 PM Subject: Re: [ActiveDir] Vista GPO Sorry. Exactly what Ben wrote. Thanks.. -Z.V. WATSON, BEN wrote: > Maybe he may be referring to the location of any possible new ADM > files included with Vista. > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren > Mar-Elia > Sent: Thursday, December 14, 2006 10:34 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3, > unless you mean the LDIF files that are in sources\adprep on the Vista > CD? > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue > Sent: Thursday, December 14, 2006 9:57 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Vista GPO > > Anyone know what and where the GPO plugin for Win2003 on the Vista DVD > is called and located? > > -Z.V. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir@mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

darren

Posts:164

12/14/2006 7:03 AM
The Central Store gives you some nice features. First, it gives you a central place for all GP administrators to get their ADMXs from. That way you can control which ones get loaded for a given GPO. 2nd, it gives you a central point of version control, which is not something you had with each GPO storing its own copy of ADMs in pre-Vista days. However, the one downside to the Central Store from my perspective is that, once it exists, all GP editors in the domain will refer to it. That means there is no granularity anymore in terms of which ADMXs appear for a given GPO. So, in the ADM days (you know, long ago, like a month ago :)) you could load one or ten ADMs into a GPO based on your needs. In the ADMX world, once the Central Store is populated, all GPOs in the domain load all ADMXs in the Central Store and you can't change that unless you want to revert back to using ADMs stored in each GPO. So, good and bad--mostly good I think for most shops. Darren -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Lu, WeiMing Sent: Thursday, December 14, 2006 3:11 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO With Vista ADMX format, is it a better implementation to have central ADMX storage on the DCs? =============================== Weiming Lu Emory College Computing Support (404)727-7917 -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia Sent: Thursday, December 14, 2006 5:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO Vista introduces a new Admin Template format called ADMX. These are found on Vista in C:\windows\policydefinitions and, unfortuately cannot be consumed by earlier versions of Windows. That is you must manage Vista GP from Vista. Darren -----Original Message----- From: "Za Vue" To: ActiveDir@mail.activedir.org Sent: 12/14/2006 1:18 PM Subject: Re: [ActiveDir] Vista GPO Sorry. Exactly what Ben wrote. Thanks.. -Z.V. WATSON, BEN wrote: > Maybe he may be referring to the location of any possible new ADM > files included with Vista. > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren > Mar-Elia > Sent: Thursday, December 14, 2006 10:34 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3, > unless you mean the LDIF files that are in sources\adprep on the Vista > CD? > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue > Sent: Thursday, December 14, 2006 9:57 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Vista GPO > > Anyone know what and where the GPO plugin for Win2003 on the Vista DVD > is called and located? > > -Z.V. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir@mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

laurarobinson User is Offline

Posts:96

12/15/2006 1:19 AM
So Microsoft should encourage their bad practices? Laura From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, DejiSent: Friday, December 15, 2006 12:39 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPO >>> People don't seem to have a problem with that concept when it comes to game consoles :) Bad analogy. Go stand in the corner, no wii for you :) When people start running their businesses on game consoles, then you can come back and compare. For now, it's just plain incomprehensible that you can't manage ADMX from anything but Vista. Yeah, ideally we would want to encourage clients to NOT manage things directly from servers, and to ensure that IF they are going to introduce Vista, the IT folks' machines should be doing the dog-fooding, but realistically, the "ideal" is always the exception in this field. Microsoft should know that. People will insist on managing GPO directly from the DCs, best practices be damned. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Darren Mar-EliaSent: Fri 12/15/2006 9:18 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPO I hear you Rich. I had a long discussion with someone on the GP newsgroups who thought that the fact that XP and 2003 couldn't read Vista GP settings was an abomination and a scandal of the highest order and that MS should be beaten for their insolence (I'm paraphrasing :-)). But, yes, we should all be used to the fact that sometimes, you have to adopt the new stuff to get the new toys. People don't seem to have a problem with that concept when it comes to game consoles :) Darren -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich Milburn Sent: Friday, December 15, 2006 9:04 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO Sorry, I understand it's different, what I meant was merely that we had some growing pains like this when XP first came out. Our practice then became to use only XP desktops for GP management. I think there's a tendency to think this is such a terrible thing, this backwards-incompatibility, and we might forget that Vista is not new with this, we had similar issues before. And who remembers the teeth-pulling to get people to move to Active Directory?? ----------------------------------------------------------------------- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 ---------------------------------------------------------------------- "I love the smell of red herrings in the morning" - anonymous -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia Sent: Friday, December 15, 2006 10:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO This is actually a little different because if you view a GPO that was created with Vista, using XP or 2003, none of the ADMX settings can actually be read at all, because they are a completely new format that GPEditor or GPMC on those older platforms don't understand. In fact, those XP or 2003 will happily copy up the ADMs into the Vista GPO like they used to do, and you're back to each GPO storing ADMs in SYSVOL. What I've been recommending to folks is that once you introduce Vista desktops into your environment, use Vista for all your ongoing GP management. The Vista ADMXs are a superset of the latest and greatest ADMs (i.e. they include 2003, XP and Vista settings) so you can happily manage Vista and non-Vista targeted GP settings from a Vista machine. Darren Darren Mar-Elia CTO & Founder www.sdmsoftware.com darren@sdmsoftware.com -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich Milburn Sent: Friday, December 15, 2006 6:49 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO You may recall, there was a similar case when XP came out too - if memory serves, you had to manage XP GPO settings from an XP box - if you opened them on Win2K, there were problems (I can't recall now exactly what those problems were... it would corrupt the policy? Lose the settings?) anyway so there are tons more settings (+ side) and you have to use Vista for now (- side, sorta). I wouldn't be too surprised if they fix that with the next server and XP SP... but I haven't actually heard that. ----------------------------------------------------------------------- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 ---------------------------------------------------------------------- "I love the smell of red herrings in the morning" - anonymous -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia Sent: Thursday, December 14, 2006 4:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO Vista introduces a new Admin Template format called ADMX. These are found on Vista in C:\windows\policydefinitions and, unfortuately cannot be consumed by earlier versions of Windows. That is you must manage Vista GP from Vista. Darren -----Original Message----- From: "Za Vue" To: ActiveDir@mail.activedir.org Sent: 12/14/2006 1:18 PM Subject: Re: [ActiveDir] Vista GPO Sorry. Exactly what Ben wrote. Thanks.. -Z.V. WATSON, BEN wrote: > Maybe he may be referring to the location of any possible new ADM files > included with Vista. > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia > Sent: Thursday, December 14, 2006 10:34 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3, > unless you mean the LDIF files that are in sources\adprep on the Vista > CD? > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue > Sent: Thursday, December 14, 2006 9:57 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Vista GPO > > Anyone know what and where the GPO plugin for Win2003 on the Vista DVD > is called and located? > > -Z.V. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.5.432 / Virus Database: 268.15.20/588 - Release Date: 12/15/2006 10:02 AM -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.432 / Virus Database: 268.15.20/588 - Release Date: 12/15/2006 10:02 AM

darren

Posts:164

12/15/2006 1:21 AM
v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} Come on Deji—its exactly the same, else why in the world do we upgrade perfectly good IT systems? J Folks can manage their GP from DCs when Longhorn ships. Until then, its Vista. Also, it would fairly trivial, if not time-consuming, to convert all those ADMXs in Vista back to ADMs. There is nothing technically preventing that. But, it is not trivial to back-port the other new Vista functionality, like published printers, wired policy, the new IPSec and Firewall stuff, back to older versions. You wouldn’t need to back-port all of it—just enough to support GP Editing, but still, it’s a lot of work and MS, like most other software companies, probably needs to make the hard call about where to put dev and testing resources. I agree that its not ideal, but I don’t think having to manage GP from Vista for the intervening space of time until Longhorn ships is a terrible thing. It will probably take most orgs that much time to decide when to go to Vista anyway. And for the aggressive ones, Vista is not a bad choice for a management platform. I think the benefits of the central store and other improvements outweigh the medium term inconvenience. I am curious, however, what others think. Darren From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji Sent: Friday, December 15, 2006 9:39 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO >>> People don't seem to have a problem with that concept when it comes to game consoles :) Bad analogy. Go stand in the corner, no wii for you :) When people start running their businesses on game consoles, then you can come back and compare. For now, it's just plain incomprehensible that you can't manage ADMX from anything but Vista. Yeah, ideally we would want to encourage clients to NOT manage things directly from servers, and to ensure that IF they are going to introduce Vista, the IT folks' machines should be doing the dog-fooding, but realistically, the "ideal" is always the exception in this field. Microsoft should know that. People will insist on managing GPO directly from the DCs, best practices be damned. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.com- we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Darren Mar-Elia Sent: Fri 12/15/2006 9:18 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO I hear you Rich. I had a long discussion with someone on the GP newsgroupswho thought that the fact that XP and 2003 couldn't read Vista GP settingswas an abomination and a scandal of the highest order and that MS should bebeaten for their insolence (I'm paraphrasing :-)). But, yes, we should allbe used to the fact that sometimes, you have to adopt the new stuff to getthe new toys. People don't seem to have a problem with that concept when itcomes to game consoles :)Darren-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich MilburnSent: Friday, December 15, 2006 9:04 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOSorry, I understand it's different, what I meant was merely that we hadsome growing pains like this when XP first came out. Our practice thenbecame to use only XP desktops for GP management. I think there's atendency to think this is such a terrible thing, thisbackwards-incompatibility, and we might forget that Vista is not newwith this, we had similar issues before. And who remembers theteeth-pulling to get people to move to Active Directory??-----------------------------------------------------------------------Rich MilburnMCSE, Microsoft MVP - Directory ServicesSr Network Analyst, Field Platform DevelopmentApplebee's International, Inc.4551 W. 107th StOverland Park, KS 66207913-967-2819----------------------------------------------------------------------"I love the smell of red herrings in the morning" - anonymous-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-EliaSent: Friday, December 15, 2006 10:05 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOThis is actually a little different because if you view a GPO that wascreated with Vista, using XP or 2003, none of the ADMX settings canactuallybe read at all, because they are a completely new format that GPEditororGPMC on those older platforms don't understand. In fact, those XP or2003will happily copy up the ADMs into the Vista GPO like they used to do,andyou're back to each GPO storing ADMs in SYSVOL. What I've beenrecommendingto folks is that once you introduce Vista desktops into yourenvironment,use Vista for all your ongoing GP management. The Vista ADMXs are asupersetof the latest and greatest ADMs (i.e. they include 2003, XP and Vistasettings) so you can happily manage Vista and non-Vista targeted GPsettingsfrom a Vista machine.DarrenDarren Mar-EliaCTO & Founderwww.sdmsoftware.comdarren@sdmsoftware.com-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich MilburnSent: Friday, December 15, 2006 6:49 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOYou may recall, there was a similar case when XP came out too - ifmemory serves, you had to manage XP GPO settings from an XP box - if youopened them on Win2K, there were problems (I can't recall now exactlywhat those problems were... it would corrupt the policy? Lose thesettings?) anyway so there are tons more settings (+ side) and you haveto use Vista for now (- side, sorta). I wouldn't be too surprised ifthey fix that with the next server and XP SP... but I haven't actuallyheard that.-----------------------------------------------------------------------Rich MilburnMCSE, Microsoft MVP - Directory ServicesSr Network Analyst, Field Platform DevelopmentApplebee's International, Inc.4551 W. 107th StOverland Park, KS 66207913-967-2819----------------------------------------------------------------------"I love the smell of red herrings in the morning" - anonymous-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-EliaSent: Thursday, December 14, 2006 4:13 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOVista introduces a new Admin Template format called ADMX. These arefound on Vista in C:\windows\policydefinitions and, unfortuately cannotbe consumed by earlier versions of Windows. That is you must manageVista GP from Vista.Darren-----Original Message-----From: "Za Vue" To: ActiveDir@mail.activedir.orgSent: 12/14/2006 1:18 PMSubject: Re: [ActiveDir] Vista GPOSorry. Exactly what Ben wrote.Thanks..-Z.V.WATSON, BEN wrote:> Maybe he may be referring to the location of any possible new ADMfiles> included with Vista.>> -----Original Message-----> From: ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of DarrenMar-Elia> Sent: Thursday, December 14, 2006 10:34 AM> To: ActiveDir@mail.activedir.org> Subject: RE: [ActiveDir] Vista GPO >> What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3,> unless you mean the LDIF files that are in sources\adprep on the Vista> CD?>> -----Original Message-----> From: ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue> Sent: Thursday, December 14, 2006 9:57 AM> To: ActiveDir@mail.activedir.org> Subject: [ActiveDir] Vista GPO >> Anyone know what and where the GPO plugin for Win2003 on the Vista DVD> is called and located?>> -Z.V.> List info : http://www.activedir.org/List.aspx> List FAQ : http://www.activedir.org/ListFAQ.aspx> List archive:http://www.mail-archive.com/activedir@mail.activedir.org/>> List info : http://www.activedir.org/List.aspx> List FAQ : http://www.activedir.org/ListFAQ.aspx> List archive:http://www.mail-archive.com/activedir@mail.activedir.org/> List info : http://www.activedir.org/List.aspx> List FAQ : http://www.activedir.org/ListFAQ.aspx> List archive:http://www.mail-archive.com/activedir@mail.activedir.org/>>> List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or anyattachments. This information is strictly confidential and may be subject toattorney-client privilege. This message is intended only for the use of the namedaddressee.If you are not the intended recipient of this message, unauthorizedforwarding,printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, youshould kindly notify the sender by reply e-mail and immediately destroy thismessage. Unauthorized interception of this e-mail is a violation of federalcriminallaw. Applebee's International, Inc. reserves the right to monitor and reviewthe content of all messages sent to and from this e-mail address. Messagessentto or from this e-mail address may be stored on the Applebee'sInternational,Inc. e-mail system.List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or anyattachments. This information is strictly confidential and may be subject toattorney-client privilege. This message is intended only for the use of the named addressee.If you are not the intended recipient of this message, unauthorized forwarding,printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, youshould kindly notify the sender by reply e-mail and immediately destroy thismessage. Unauthorized interception of this e-mail is a violation of federal criminallaw. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sentto or from this e-mail address may be stored on the Applebee's International,Inc. e-mail system.List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/

deji

Posts:140

12/15/2006 1:41 AM
I wouldn't put it in those words. But, yeah, I would expect Microsoft to be... shall we say...pragmatic, realistic. Something like, "enable" its customers to run their businesses. I mean,refrain from "dictating" its wishes. You know? Because at the end of the day, it is the "clueless customers" that actually write the checks that add up to those billions in the vault. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Laura A. RobinsonSent: Fri 12/15/2006 10:19 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPO So Microsoft should encourage their bad practices? Laura From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, DejiSent: Friday, December 15, 2006 12:39 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPO >>> People don't seem to have a problem with that concept when it comes to game consoles :) Bad analogy. Go stand in the corner, no wii for you :) When people start running their businesses on game consoles, then you can come back and compare. For now, it's just plain incomprehensible that you can't manage ADMX from anything but Vista. Yeah, ideally we would want to encourage clients to NOT manage things directly from servers, and to ensure that IF they are going to introduce Vista, the IT folks' machines should be doing the dog-fooding, but realistically, the "ideal" is always the exception in this field. Microsoft should know that. People will insist on managing GPO directly from the DCs, best practices be damned. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Darren Mar-EliaSent: Fri 12/15/2006 9:18 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPO I hear you Rich. I had a long discussion with someone on the GP newsgroups who thought that the fact that XP and 2003 couldn't read Vista GP settings was an abomination and a scandal of the highest order and that MS should be beaten for their insolence (I'm paraphrasing :-)). But, yes, we should all be used to the fact that sometimes, you have to adopt the new stuff to get the new toys. People don't seem to have a problem with that concept when it comes to game consoles :) Darren -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich Milburn Sent: Friday, December 15, 2006 9:04 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO Sorry, I understand it's different, what I meant was merely that we had some growing pains like this when XP first came out. Our practice then became to use only XP desktops for GP management. I think there's a tendency to think this is such a terrible thing, this backwards-incompatibility, and we might forget that Vista is not new with this, we had similar issues before. And who remembers the teeth-pulling to get people to move to Active Directory?? ----------------------------------------------------------------------- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 ---------------------------------------------------------------------- "I love the smell of red herrings in the morning" - anonymous -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia Sent: Friday, December 15, 2006 10:05 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO This is actually a little different because if you view a GPO that was created with Vista, using XP or 2003, none of the ADMX settings can actually be read at all, because they are a completely new format that GPEditor or GPMC on those older platforms don't understand. In fact, those XP or 2003 will happily copy up the ADMs into the Vista GPO like they used to do, and you're back to each GPO storing ADMs in SYSVOL. What I've been recommending to folks is that once you introduce Vista desktops into your environment, use Vista for all your ongoing GP management. The Vista ADMXs are a superset of the latest and greatest ADMs (i.e. they include 2003, XP and Vista settings) so you can happily manage Vista and non-Vista targeted GP settings from a Vista machine. Darren Darren Mar-Elia CTO & Founder www.sdmsoftware.com darren@sdmsoftware.com -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich Milburn Sent: Friday, December 15, 2006 6:49 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO You may recall, there was a similar case when XP came out too - if memory serves, you had to manage XP GPO settings from an XP box - if you opened them on Win2K, there were problems (I can't recall now exactly what those problems were... it would corrupt the policy? Lose the settings?) anyway so there are tons more settings (+ side) and you have to use Vista for now (- side, sorta). I wouldn't be too surprised if they fix that with the next server and XP SP... but I haven't actually heard that. ----------------------------------------------------------------------- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 ---------------------------------------------------------------------- "I love the smell of red herrings in the morning" - anonymous -----Original Message----- From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia Sent: Thursday, December 14, 2006 4:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO Vista introduces a new Admin Template format called ADMX. These are found on Vista in C:\windows\policydefinitions and, unfortuately cannot be consumed by earlier versions of Windows. That is you must manage Vista GP from Vista. Darren -----Original Message----- From: "Za Vue" To: ActiveDir@mail.activedir.org Sent: 12/14/2006 1:18 PM Subject: Re: [ActiveDir] Vista GPO Sorry. Exactly what Ben wrote. Thanks.. -Z.V. WATSON, BEN wrote: > Maybe he may be referring to the location of any possible new ADM files > included with Vista. > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia > Sent: Thursday, December 14, 2006 10:34 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3, > unless you mean the LDIF files that are in sources\adprep on the Vista > CD? > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue > Sent: Thursday, December 14, 2006 9:57 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Vista GPO > > Anyone know what and where the GPO plugin for Win2003 on the Vista DVD > is called and located? > > -Z.V. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.5.432 / Virus Database: 268.15.20/588 - Release Date: 12/15/2006 10:02 AM --No virus found in this outgoing message.Checked by AVG Free Edition.Version: 7.5.432 / Virus Database: 268.15.20/588 - Release Date: 12/15/2006 10:02 AM

sbradcpa

Posts:317

12/15/2006 1:50 AM
Bad for whom? Down here where the bar is low for best practices in the first place.... the var/vap comes in and has to kick the owner off of his shiny new OEM Vista box and borrow it to set up the group policy firewall settings for it, or other settings that the managed services partner may want to do. When I'm doing group policy stuff... I'm up on that GPMC that is automagically installed on that SBS box and I'm in a group policy frame of mind. I could manage GPOs from my desktop but I just don't... I RDP into the server. What you guys should think of is burning in a VCD (virtual) Vista image that is pre-staged to be nothing but a Group policy management tool? (stupid idea?) Laura A. Robinson wrote: > So Microsoft should encourage their bad practices? > > Laura > > ------------------------------------------------------------------------ > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of > Akomolafe, Deji > Sent: Friday, December 15, 2006 12:39 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > >>> People don't seem to have a problem with that concept when it > comes to game consoles :) > > Bad analogy. Go stand in the corner, no wii for you :) > > When people start running their businesses on game consoles, then > you can come back and compare. For now, it's just plain > incomprehensible that you can't manage ADMX from anything but > Vista. Yeah, ideally we would want to encourage clients to NOT > manage things directly from servers, and to ensure that IF they > are going to introduce Vista, the IT folks' machines should be > doing the dog-fooding, but realistically, the "ideal" is always > the exception in this field. Microsoft should know that. People > will insist on managing GPO directly from the DCs, best practices > be damned. > > Sincerely, > _____ > (, / \| /) /) /) > /---\| (/_ ______ ___// _ // _ > ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ > (_/ /) > (/ > Microsoft MVP - Directory Services > www.akomolafe.com > - we know IT > -5.75, -3.23 > Do you now realize that Today is the Tomorrow you were worried > about Yesterday? -anon > > ------------------------------------------------------------------------ > From: Darren Mar-Elia > Sent: Fri 12/15/2006 9:18 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > I hear you Rich. I had a long discussion with someone on the GP newsgroups > who thought that the fact that XP and 2003 couldn't read Vista GP settings > was an abomination and a scandal of the highest order and that MS should be > beaten for their insolence (I'm paraphrasing :-)). But, yes, we should all > be used to the fact that sometimes, you have to adopt the new stuff to get > the new toys. People don't seem to have a problem with that concept when it > comes to game consoles :) > > Darren > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich Milburn > Sent: Friday, December 15, 2006 9:04 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > Sorry, I understand it's different, what I meant was merely that we had > some growing pains like this when XP first came out. Our practice then > became to use only XP desktops for GP management. I think there's a > tendency to think this is such a terrible thing, this > backwards-incompatibility, and we might forget that Vista is not new > with this, we had similar issues before. And who remembers the > teeth-pulling to get people to move to Active Directory?? > > ----------------------------------------------------------------------- > Rich Milburn > MCSE, Microsoft MVP - Directory Services > Sr Network Analyst, Field Platform Development > Applebee's International, Inc. > 4551 W. 107th St > Overland Park, KS 66207 > 913-967-2819 > ---------------------------------------------------------------------- > "I love the smell of red herrings in the morning" - anonymous > > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia > Sent: Friday, December 15, 2006 10:05 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > This is actually a little different because if you view a GPO that was > created with Vista, using XP or 2003, none of the ADMX settings can > actually > be read at all, because they are a completely new format that GPEditor > or > GPMC on those older platforms don't understand. In fact, those XP or > 2003 > will happily copy up the ADMs into the Vista GPO like they used to do, > and > you're back to each GPO storing ADMs in SYSVOL. What I've been > recommending > to folks is that once you introduce Vista desktops into your > environment, > use Vista for all your ongoing GP management. The Vista ADMXs are a > superset > of the latest and greatest ADMs (i.e. they include 2003, XP and Vista > settings) so you can happily manage Vista and non-Vista targeted GP > settings > from a Vista machine. > > Darren > > Darren Mar-Elia > CTO & Founder > www.sdmsoftware.com > darren@sdmsoftware.com > > > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich Milburn > Sent: Friday, December 15, 2006 6:49 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > You may recall, there was a similar case when XP came out too - if > memory serves, you had to manage XP GPO settings from an XP box - if you > opened them on Win2K, there were problems (I can't recall now exactly > what those problems were... it would corrupt the policy? Lose the > settings?) anyway so there are tons more settings (+ side) and you have > to use Vista for now (- side, sorta). I wouldn't be too surprised if > they fix that with the next server and XP SP... but I haven't actually > heard that. > > ----------------------------------------------------------------------- > Rich Milburn > MCSE, Microsoft MVP - Directory Services > Sr Network Analyst, Field Platform Development > Applebee's International, Inc. > 4551 W. 107th St > Overland Park, KS 66207 > 913-967-2819 > ---------------------------------------------------------------------- > "I love the smell of red herrings in the morning" - anonymous > > > -----Original Message----- > From: ActiveDir-owner@mail.activedir.org > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia > Sent: Thursday, December 14, 2006 4:13 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Vista GPO > > Vista introduces a new Admin Template format called ADMX. These are > found on Vista in C:\windows\policydefinitions and, unfortuately cannot > be consumed by earlier versions of Windows. That is you must manage > Vista GP from Vista. > > Darren > > -----Original Message----- > From: "Za Vue" > To: ActiveDir@mail.activedir.org > Sent: 12/14/2006 1:18 PM > Subject: Re: [ActiveDir] Vista GPO > > Sorry. Exactly what Ben wrote. > > Thanks.. > > -Z.V. > > WATSON, BEN wrote: > > Maybe he may be referring to the location of any possible new ADM > files > > included with Vista. > > > > -----Original Message----- > > From: ActiveDir-owner@mail.activedir.org > > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren > Mar-Elia > > Sent: Thursday, December 14, 2006 10:34 AM > > To: ActiveDir@mail.activedir.org > > Subject: RE: [ActiveDir] Vista GPO > > > > What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3, > > unless you mean the LDIF files that are in sources\adprep on the Vista > > CD? > > > > -----Original Message----- > > From: ActiveDir-owner@mail.activedir.org > > [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue > > Sent: Thursday, December 14, 2006 9:57 AM > > To: ActiveDir@mail.activedir.org > > Subject: [ActiveDir] Vista GPO > > > > Anyone know what and where the GPO plugin for Win2003 on the Vista DVD > > > is called and located? > > > > -Z.V. > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > http://www.mail-archive.com/activedir@mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > http://www.mail-archive.com/activedir@mail.activedir.org/ > > > > > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- > PRIVILEGED / > CONFIDENTIAL INFORMATION may be contained in this message or any > attachments. > This information is strictly confidential and may be subject to > attorney-client > privilege. This message is intended only for the use of the named > addressee. > If > you are not the intended recipient of this message, unauthorized > forwarding, > > printing, copying, distribution, or using such information is strictly > prohibited and may be unlawful. If you have received this in error, you > should > kindly notify the sender by reply e-mail and immediately destroy this > message. > Unauthorized interception of this e-mail is a violation of federal > criminal > law. > Applebee's International, Inc. reserves the right to monitor and review > the > content of all messages sent to and from this e-mail address. Messages > sent > to > or from this e-mail address may be stored on the Applebee's > International, > Inc. > e-mail system. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- > PRIVILEGED / > CONFIDENTIAL INFORMATION may be contained in this message or any > attachments. > This information is strictly confidential and may be subject to > attorney-client > privilege. This message is intended only for the use of the named addressee. > If > you are not the intended recipient of this message, unauthorized forwarding, > > printing, copying, distribution, or using such information is strictly > prohibited and may be unlawful. If you have received this in error, you > should > kindly notify the sender by reply e-mail and immediately destroy this > message. > Unauthorized interception of this e-mail is a violation of federal criminal > law. > Applebee's International, Inc. reserves the right to monitor and review the > content of all messages sent to and from this e-mail address. Messages sent > to > or from this e-mail address may be stored on the Applebee's International, > Inc. > e-mail system. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ > > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.432 / Virus Database: 268.15.20/588 - Release Date: > 12/15/2006 10:02 AM > > > -- > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.5.432 / Virus Database: 268.15.20/588 - Release Date: > 12/15/2006 10:02 AM > -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/

tvanderkooi User is Offline

Posts:15

12/15/2006 1:53 AM
v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} They won’t do it if Microsoft makes it so they CAN’T do it. I feel Microsoft should be applauded for forcing admins to do their jobs correctly for a change, instead of giving in to the lazy or uninformed amongst us. Just my opinion, Tim From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji Sent: Friday, December 15, 2006 11:39 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO >>> People don't seem to have a problem with that concept when it comes to game consoles :) Bad analogy. Go stand in the corner, no wii for you :) When people start running their businesses on game consoles, then you can come back and compare. For now, it's just plain incomprehensible that you can't manage ADMX from anything but Vista. Yeah, ideally we would want to encourage clients to NOT manage things directly from servers, and to ensure that IF they are going to introduce Vista, the IT folks' machines should be doing the dog-fooding, but realistically, the "ideal" is always the exception in this field. Microsoft should know that. People will insist on managing GPO directly from the DCs, best practices be damned. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_ (_/ /) (/ Microsoft MVP - Directory Services www.akomolafe.com- we know IT -5.75, -3.23 Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Darren Mar-Elia Sent: Fri 12/15/2006 9:18 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Vista GPO I hear you Rich. I had a long discussion with someone on the GP newsgroupswho thought that the fact that XP and 2003 couldn't read Vista GP settingswas an abomination and a scandal of the highest order and that MS should bebeaten for their insolence (I'm paraphrasing :-)). But, yes, we should allbe used to the fact that sometimes, you have to adopt the new stuff to getthe new toys. People don't seem to have a problem with that concept when itcomes to game consoles :)Darren-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich MilburnSent: Friday, December 15, 2006 9:04 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOSorry, I understand it's different, what I meant was merely that we hadsome growing pains like this when XP first came out. Our practice thenbecame to use only XP desktops for GP management. I think there's atendency to think this is such a terrible thing, thisbackwards-incompatibility, and we might forget that Vista is not newwith this, we had similar issues before. And who remembers theteeth-pulling to get people to move to Active Directory??-----------------------------------------------------------------------Rich MilburnMCSE, Microsoft MVP - Directory ServicesSr Network Analyst, Field Platform DevelopmentApplebee's International, Inc.4551 W. 107th StOverland Park, KS 66207913-967-2819----------------------------------------------------------------------"I love the smell of red herrings in the morning" - anonymous-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-EliaSent: Friday, December 15, 2006 10:05 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOThis is actually a little different because if you view a GPO that wascreated with Vista, using XP or 2003, none of the ADMX settings canactuallybe read at all, because they are a completely new format that GPEditororGPMC on those older platforms don't understand. In fact, those XP or2003will happily copy up the ADMs into the Vista GPO like they used to do,andyou're back to each GPO storing ADMs in SYSVOL. What I've beenrecommendingto folks is that once you introduce Vista desktops into yourenvironment,use Vista for all your ongoing GP management. The Vista ADMXs are asupersetof the latest and greatest ADMs (i.e. they include 2003, XP and Vistasettings) so you can happily manage Vista and non-Vista targeted GPsettingsfrom a Vista machine.DarrenDarren Mar-EliaCTO & Founderwww.sdmsoftware.comdarren@sdmsoftware.com-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich MilburnSent: Friday, December 15, 2006 6:49 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOYou may recall, there was a similar case when XP came out too - ifmemory serves, you had to manage XP GPO settings from an XP box - if youopened them on Win2K, there were problems (I can't recall now exactlywhat those problems were... it would corrupt the policy? Lose thesettings?) anyway so there are tons more settings (+ side) and you haveto use Vista for now (- side, sorta). I wouldn't be too surprised ifthey fix that with the next server and XP SP... but I haven't actuallyheard that.-----------------------------------------------------------------------Rich MilburnMCSE, Microsoft MVP - Directory ServicesSr Network Analyst, Field Platform DevelopmentApplebee's International, Inc.4551 W. 107th StOverland Park, KS 66207913-967-2819----------------------------------------------------------------------"I love the smell of red herrings in the morning" - anonymous-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-EliaSent: Thursday, December 14, 2006 4:13 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOVista introduces a new Admin Template format called ADMX. These arefound on Vista in C:\windows\policydefinitions and, unfortuately cannotbe consumed by earlier versions of Windows. That is you must manageVista GP from Vista.Darren-----Original Message-----From: "Za Vue" To: ActiveDir@mail.activedir.orgSent: 12/14/2006 1:18 PMSubject: Re: [ActiveDir] Vista GPOSorry. Exactly what Ben wrote.Thanks..-Z.V.WATSON, BEN wrote:> Maybe he may be referring to the location of any possible new ADMfiles> included with Vista.>> -----Original Message-----> From: ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of DarrenMar-Elia> Sent: Thursday, December 14, 2006 10:34 AM> To: ActiveDir@mail.activedir.org> Subject: RE: [ActiveDir] Vista GPO >> What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3,> unless you mean the LDIF files that are in sources\adprep on the Vista> CD?>> -----Original Message-----> From: ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue> Sent: Thursday, December 14, 2006 9:57 AM> To: ActiveDir@mail.activedir.org> Subject: [ActiveDir] Vista GPO >> Anyone know what and where the GPO plugin for Win2003 on the Vista DVD> is called and located?>> -Z.V.> List info : http://www.activedir.org/List.aspx> List FAQ : http://www.activedir.org/ListFAQ.aspx> List archive:http://www.mail-archive.com/activedir@mail.activedir.org/>> List info : http://www.activedir.org/List.aspx> List FAQ : http://www.activedir.org/ListFAQ.aspx> List archive:http://www.mail-archive.com/activedir@mail.activedir.org/> List info : http://www.activedir.org/List.aspx> List FAQ : http://www.activedir.org/ListFAQ.aspx> List archive:http://www.mail-archive.com/activedir@mail.activedir.org/>>> List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or anyattachments. This information is strictly confidential and may be subject toattorney-client privilege. This message is intended only for the use of the namedaddressee.If you are not the intended recipient of this message, unauthorizedforwarding,printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, youshould kindly notify the sender by reply e-mail and immediately destroy thismessage. Unauthorized interception of this e-mail is a violation of federalcriminallaw. Applebee's International, Inc. reserves the right to monitor and reviewthe content of all messages sent to and from this e-mail address. Messagessentto or from this e-mail address may be stored on the Applebee'sInternational,Inc. e-mail system.List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or anyattachments. This information is strictly confidential and may be subject toattorney-client privilege. This message is intended only for the use of the named addressee.If you are not the intended recipient of this message, unauthorized forwarding,printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, youshould kindly notify the sender by reply e-mail and immediately destroy thismessage. Unauthorized interception of this e-mail is a violation of federal criminallaw. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sentto or from this e-mail address may be stored on the Applebee's International,Inc. e-mail system.List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/

deji

Posts:140

12/15/2006 2:13 AM
v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} I'm sure that you are aware that LH is still many years away from significant adoption. We will see several intervening years between LH release and its reaching the mainstream. In the meantime, Vista would have become the de-facto desktop OS in place of XP (yes, I can dream). So, between now, then and when-ever, people will be needlessly handicapped in their ADM/ADMX decision making. I foresee a lot of gnashing of the teeth, more gripping, beaucoup "evil M$" rants, and other heart-burn-inducing misunderstandings. Nobody said it would be non-trivial. If it were, people like me will not need people like you. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Darren Mar-EliaSent: Fri 12/15/2006 10:21 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPO Come on Deji—its exactly the same, else why in the world do we upgrade perfectly good IT systems? J Folks can manage their GP from DCs when Longhorn ships. Until then, its Vista. Also, it would fairly trivial, if not time-consuming, to convert all those ADMXs in Vista back to ADMs. There is nothing technically preventing that. But, it is not trivial to back-port the other new Vista functionality, like published printers, wired policy, the new IPSec and Firewall stuff, back to older versions. You wouldn’t need to back-port all of it—just enough to support GP Editing, but still, it’s a lot of work and MS, like most other software companies, probably needs to make the hard call about where to put dev and testing resources. I agree that its not ideal, but I don’t think having to manage GP from Vista for the intervening space of time until Longhorn ships is a terrible thing. It will probably take most orgs that much time to decide when to go to Vista anyway. And for the aggressive ones, Vista is not a bad choice for a management platform. I think the benefits of the central store and other improvements outweigh the medium term inconvenience. I am curious, however, what others think. Darren From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, DejiSent: Friday, December 15, 2006 9:39 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPO >>> People don't seem to have a problem with that concept when it comes to game consoles :) Bad analogy. Go stand in the corner, no wii for you :) When people start running their businesses on game consoles, then you can come back and compare. For now, it's just plain incomprehensible that you can't manage ADMX from anything but Vista. Yeah, ideally we would want to encourage clients to NOT manage things directly from servers, and to ensure that IF they are going to introduce Vista, the IT folks' machines should be doing the dog-fooding, but realistically, the "ideal" is always the exception in this field. Microsoft should know that. People will insist on managing GPO directly from the DCs, best practices be damned. Sincerely, _____ (, / \| /) /) /) /---\| (/_ ______ ___// _ // _ ) / \|_/(__(_) // (_(_)(/_(_(_/(__(/_(_/ /) (/ Microsoft MVP - Directory Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: Darren Mar-EliaSent: Fri 12/15/2006 9:18 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPO I hear you Rich. I had a long discussion with someone on the GP newsgroupswho thought that the fact that XP and 2003 couldn't read Vista GP settingswas an abomination and a scandal of the highest order and that MS should bebeaten for their insolence (I'm paraphrasing :-)). But, yes, we should allbe used to the fact that sometimes, you have to adopt the new stuff to getthe new toys. People don't seem to have a problem with that concept when itcomes to game consoles :)Darren-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich MilburnSent: Friday, December 15, 2006 9:04 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOSorry, I understand it's different, what I meant was merely that we hadsome growing pains like this when XP first came out. Our practice thenbecame to use only XP desktops for GP management. I think there's atendency to think this is such a terrible thing, thisbackwards-incompatibility, and we might forget that Vista is not newwith this, we had similar issues before. And who remembers theteeth-pulling to get people to move to Active Directory??-----------------------------------------------------------------------Rich MilburnMCSE, Microsoft MVP - Directory ServicesSr Network Analyst, Field Platform DevelopmentApplebee's International, Inc.4551 W. 107th StOverland Park, KS 66207913-967-2819----------------------------------------------------------------------"I love the smell of red herrings in the morning" - anonymous-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-EliaSent: Friday, December 15, 2006 10:05 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOThis is actually a little different because if you view a GPO that wascreated with Vista, using XP or 2003, none of the ADMX settings canactuallybe read at all, because they are a completely new format that GPEditororGPMC on those older platforms don't understand. In fact, those XP or2003will happily copy up the ADMs into the Vista GPO like they used to do,andyou're back to each GPO storing ADMs in SYSVOL. What I've beenrecommendingto folks is that once you introduce Vista desktops into yourenvironment,use Vista for all your ongoing GP management. The Vista ADMXs are asupersetof the latest and greatest ADMs (i.e. they include 2003, XP and Vistasettings) so you can happily manage Vista and non-Vista targeted GPsettingsfrom a Vista machine.DarrenDarren Mar-EliaCTO & Founderwww.sdmsoftware.comdarren@sdmsoftware.com-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich MilburnSent: Friday, December 15, 2006 6:49 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOYou may recall, there was a similar case when XP came out too - ifmemory serves, you had to manage XP GPO settings from an XP box - if youopened them on Win2K, there were problems (I can't recall now exactlywhat those problems were... it would corrupt the policy? Lose thesettings?) anyway so there are tons more settings (+ side) and you haveto use Vista for now (- side, sorta). I wouldn't be too surprised ifthey fix that with the next server and XP SP... but I haven't actuallyheard that.-----------------------------------------------------------------------Rich MilburnMCSE, Microsoft MVP - Directory ServicesSr Network Analyst, Field Platform DevelopmentApplebee's International, Inc.4551 W. 107th StOverland Park, KS 66207913-967-2819----------------------------------------------------------------------"I love the smell of red herrings in the morning" - anonymous-----Original Message-----From: ActiveDir-owner@mail.activedir.org[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-EliaSent: Thursday, December 14, 2006 4:13 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista GPOVista introduces a new Admin Template format called ADMX. These arefound on Vista in C:\windows\policydefinitions and, unfortuately cannotbe consumed by earlier versions of Windows. That is you must manageVista GP from Vista.Darren-----Original Message-----From: "Za Vue" To: ActiveDir@mail.activedir.orgSent: 12/14/2006 1:18 PMSubject: Re: [ActiveDir] Vista GPOSorry. Exactly what Ben wrote.Thanks..-Z.V.WATSON, BEN wrote:> Maybe he may be referring to the location of any possible new ADMfiles> included with Vista.>> -----Original Message-----> From: ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of DarrenMar-Elia> Sent: Thursday, December 14, 2006 10:34 AM> To: ActiveDir@mail.activedir.org> Subject: RE: [ActiveDir] Vista GPO >> What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3,> unless you mean the LDIF files that are in sources\adprep on the Vista> CD?>> -----Original Message-----> From: ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Za Vue> Sent: Thursday, December 14, 2006 9:57 AM> To: ActiveDir@mail.activedir.org> Subject: [ActiveDir] Vista GPO >> Anyone know what and where the GPO plugin for Win2003 on the Vista DVD> is called and located?>> -Z.V.> List info : http://www.activedir.org/List.aspx> List FAQ : http://www.activedir.org/ListFAQ.aspx> List archive:http://www.mail-archive.com/activedir@mail.activedir.org/>> List info : http://www.activedir.org/List.aspx> List FAQ : http://www.activedir.org/ListFAQ.aspx> List archive:http://www.mail-archive.com/activedir@mail.activedir.org/> List info : http://www.activedir.org/List.aspx> List FAQ : http://www.activedir.org/ListFAQ.aspx> List archive:http://www.mail-archive.com/activedir@mail.activedir.org/>>> List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or anyattachments. This information is strictly confidential and may be subject toattorney-client privilege. This message is intended only for the use of the namedaddressee.If you are not the intended recipient of this message, unauthorizedforwarding,printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, youshould kindly notify the sender by reply e-mail and immediately destroy thismessage. Unauthorized interception of this e-mail is a violation of federalcriminallaw. Applebee's International, Inc. reserves the right to monitor and reviewthe content of all messages sent to and from this e-mail address. Messagessentto or from this e-mail address may be stored on the Applebee'sInternational,Inc. e-mail system.List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or anyattachments. This information is strictly confidential and may be subject toattorney-client privilege. This message is intended only for the use of the named addressee.If you are not the intended recipient of this message, unauthorized forwarding,printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, youshould kindly notify the sender by reply e-mail and immediately destroy thismessage. Unauthorized interception of this e-mail is a violation of federal criminallaw. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sentto or from this e-mail address may be stored on the Applebee's International,Inc. e-mail system.List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/List info : http://www.activedir.org/List.aspxList FAQ : http://www.activedir.org/ListFAQ.aspxList archive: http://www.mail-archive.com/activedir@mail.activedir.org/

laurarobinson User is Offline

Posts:96

12/15/2006 2:26 AM

And
it's the clueful customers who (rightly) become angry when something in a
product that exists purely for backward compatibility opens a security hole.
Now, I'm not saying that all security holes are due to backward compatibility,
and I'm not saying that every bit of code that comes out of Redmond is perfect.
However, I have said for years that many of the things that people don't like
about Microsoft's products are the result of backward compatibility, not bad
coding or a lack of consideration on the part of Microsoft's programmers. As
somebody else (Darren? Richard?) said, there is a point where a line has to be
drawn in the sand. I personally don't see anything dictatorial about requiring a
Vista+ machine to edit *VISTA* policies. I mean, seriously, if you're writing
Vista GPOs, that would imply that you're using Vista machines, and if you're
using Vista machines, what is the issue with using one of those Vista machines
as your editing workstation? I think that that *IS* a very pragmatic, realistic
approach.

Sorry,
I just don't follow your logic on this one.

That
said, my opinions are purely my own, do not represent those of my employer, are
not intended to represent those ofmy employer and for all I know, may even
pi$$ off my employer. :-)

Laura

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe,
DejiSent: Friday, December 15, 2006 1:42 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista
GPO

I wouldn't put it in those
words. But, yeah, I would expect Microsoft to be... shall we say...pragmatic,
realistic. Something like, "enable" its customers to run their businesses. I
mean,refrain from "dictating" its wishes. You know? Because at the end
of the day, it is the "clueless customers" that actually write the checks that
add up to those billions in the vault.

Sincerely,
_____
(, / |
/)
/) /) /---|
(/_ ______ ___// _ // _ )
/ |_/(__(_) //
(_(_)(/_(_(_/(__(/_(_/
/)

(/ Microsoft MVP - Directory
Serviceswww.akomolafe.com- we know IT-5.75, -3.23Do you now realize that Today is the Tomorrow you
were worried about Yesterday?
-anon

From: Laura A. RobinsonSent: Fri
12/15/2006 10:19 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista
GPO

So
Microsoft should encourage their bad practices?

Laura

From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe,
DejiSent: Friday, December 15, 2006 12:39 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista
GPO

>>> People don't
seem to have a problem with that concept when it comes to game consoles
:)

Bad analogy. Go stand in the corner, no
wii for you :)

When people start running their
businesses on game consoles, then you can come back and compare. For now,
it's just plain incomprehensible that you can't manage ADMX from anything
but Vista. Yeah, ideally we would want to encourage clients to NOT manage
things directly from servers, and to ensure that IF they are going to
introduce Vista, the IT folks' machines should be doing the dog-fooding, but
realistically, the "ideal" is always the exception in this field. Microsoft
should know that. People will insist on managing GPO directly from the DCs,
best practices be damned.

Sincerely,
_____
(, / |
/)
/) /) /---|
(/_ ______ ___// _ // _ )
/ |_/(__(_) //
(_(_)(/_(_(_/(__(/_(_/
/)

(/ Microsoft MVP - Directory
Serviceswww.akomolafe.com- we know
IT-5.75, -3.23Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

From: Darren Mar-EliaSent: Fri
12/15/2006 9:18 AMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Vista
GPO
I hear you Rich. I had a long discussion with someone on the GP newsgroups
who thought that the fact that XP and 2003 couldn't read Vista GP settings
was an abomination and a scandal of the highest order and that MS should be
beaten for their insolence (I'm paraphrasing :-)). But, yes, we should all
be used to the fact that sometimes, you have to adopt the new stuff to get
the new toys. People don't seem to have a problem with that concept when it
comes to game consoles :)

Darren

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich Milburn
Sent: Friday, December 15, 2006 9:04 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO

Sorry, I understand it's different, what I meant was merely that we had
some growing pains like this when XP first came out. Our practice then
became to use only XP desktops for GP management. I think there's a
tendency to think this is such a terrible thing, this
backwards-incompatibility, and we might forget that Vista is not new
with this, we had similar issues before. And who remembers the
teeth-pulling to get people to move to Active Directory??

-----------------------------------------------------------------------
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
----------------------------------------------------------------------
"I love the smell of red herrings in the morning" - anonymous
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: Friday, December 15, 2006 10:05 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO

This is actually a little different because if you view a GPO that was
created with Vista, using XP or 2003, none of the ADMX settings can
actually
be read at all, because they are a completely new format that GPEditor
or
GPMC on those older platforms don't understand. In fact, those XP or
2003
will happily copy up the ADMs into the Vista GPO like they used to do,
and
you're back to each GPO storing ADMs in SYSVOL. What I've been
recommending
to folks is that once you introduce Vista desktops into your
environment,
use Vista for all your ongoing GP management. The Vista ADMXs are a
superset
of the latest and greatest ADMs (i.e. they include 2003, XP and Vista
settings) so you can happily manage Vista and non-Vista targeted GP
settings
from a Vista machine.

Darren

Darren Mar-Elia
CTO & Founder
www.sdmsoftware.com
darren@sdmsoftware.com

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rich Milburn
Sent: Friday, December 15, 2006 6:49 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO

You may recall, there was a similar case when XP came out too - if
memory serves, you had to manage XP GPO settings from an XP box - if you
opened them on Win2K, there were problems (I can't recall now exactly
what those problems were... it would corrupt the policy? Lose the
settings?) anyway so there are tons more settings (+ side) and you have
to use Vista for now (- side, sorta). I wouldn't be too surprised if
they fix that with the next server and XP SP... but I haven't actually
heard that.

-----------------------------------------------------------------------
Rich Milburn
MCSE, Microsoft MVP - Directory Services
Sr Network Analyst, Field Platform Development
Applebee's International, Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
----------------------------------------------------------------------
"I love the smell of red herrings in the morning" - anonymous
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren Mar-Elia
Sent: Thursday, December 14, 2006 4:13 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Vista GPO

Vista introduces a new Admin Template format called ADMX. These are
found on Vista in C:\windows\policydefinitions and, unfortuately cannot
be consumed by earlier versions of Windows. That is you must manage
Vista GP from Vista.

Darren

-----Original Message-----
From: "Za Vue"
To: ActiveDir@mail.activedir.org
Sent: 12/14/2006 1:18 PM
Subject: Re: [ActiveDir] Vista GPO

Sorry. Exactly what Ben wrote.

Thanks..

-Z.V.

WATSON, BEN wrote:
> Maybe he may be referring to the location of any possible new ADM
files
> included with Vista.
>
> -----Original Message-----
> From: ActiveDir-owner@mail.activedir.org
> [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Darren
Mar-Elia
> Sent: Thursday, December 14, 2006 10:34 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Vista GPO
>
> What do you mean Za? I'm not familiar with any GPO plug-in for Win2K3,
> unless you mean the LDIF files that are in sources\adprep on the Vista
> CD?
>
> -----Ori

Syndicate

Friends

List Archives

List Archives