1
00:00:03,080 --> 00:00:08,180
So let's move on from our initial discussion of administrative templates and talk about how those things

2
00:00:08,210 --> 00:00:09,130
get populated.

3
00:00:10,010 --> 00:00:14,420
The policy options that you see in the ED, where do those come from?

4
00:00:15,260 --> 00:00:21,470
Well, in fact, they have a long history of being provided by what are called AD Amex or ads templates.

5
00:00:22,310 --> 00:00:27,830
What you see in the GP ed under that administrative templates node, all those different subfolders

6
00:00:27,830 --> 00:00:32,960
are generated dynamically based on the admixture template files that exist on your system.

7
00:00:33,830 --> 00:00:38,900
And those files live in the file system on every Windows system in this C Colon Backslash.

8
00:00:38,900 --> 00:00:41,510
Windows Backslash Policy Definitions folder.

9
00:00:42,430 --> 00:00:45,460
They have essentially changed very little over the years.

10
00:00:46,330 --> 00:00:52,180
But starting in Windows Vista and Server 2008, Microsoft moved the format of those files from simple

11
00:00:52,180 --> 00:00:56,950
text files where both the policy registry entry definitions and the strings that you see.

12
00:00:56,950 --> 00:01:04,120
The words that you see in editor were combined in one file in the EDM world to this new world of Adam

13
00:01:04,120 --> 00:01:09,070
X Files where the Adam X file contains the registry values that need to be supported.

14
00:01:09,930 --> 00:01:15,270
And the ADMA file the file which the DOT an extension contains localized strings.

15
00:01:16,200 --> 00:01:21,570
So depending on which language version of Windows you're running, what you'll see in editor will be

16
00:01:21,570 --> 00:01:23,340
localized policy settings.

17
00:01:24,300 --> 00:01:29,550
So if you're on a French version of Windows, you'll see French text appearing under admin templates.

18
00:01:30,450 --> 00:01:34,380
Or if you're in on an English version of Windows, you'll see English text.

19
00:01:35,310 --> 00:01:40,890
So the Adam X format, which is now also XML, makes it a lot easier and more flexible when it comes

20
00:01:40,890 --> 00:01:46,350
to supporting multiple languages and multiple sources of information from a sort of design perspective.

21
00:01:47,220 --> 00:01:52,860
But the bottom line is that Adam X Files and just like Adam files before them were the things that drive

22
00:01:52,860 --> 00:01:54,420
what you see in editor.

23
00:01:55,350 --> 00:01:58,410
So let's look at a little bit more depth into these things.

24
00:01:59,370 --> 00:02:05,160
So this is just a screenshot of the C colon backslash windows backslash policy definitions folder on

25
00:02:05,160 --> 00:02:06,420
one of my test machines.

26
00:02:07,350 --> 00:02:09,810
And you'll see all these Adam X files.

27
00:02:10,710 --> 00:02:17,610
There's 176 Adam X files that Microsoft ships out of the box in this particular version of Windows.

28
00:02:18,480 --> 00:02:21,960
And I can add to this depending on what I'm trying to control.

29
00:02:22,840 --> 00:02:28,600
In addition, if I drill into this, you'll see a subfolder called in U.S. and that stands for English

30
00:02:28,600 --> 00:02:29,140
U.S..

31
00:02:30,020 --> 00:02:36,200
And in that subfolder, all the admin files, there's one admin file for each add amex file.

32
00:02:37,060 --> 00:02:43,930
And it contains those ADL files contain the language specific strings that get populated into the editor

33
00:02:43,930 --> 00:02:45,100
when these things are loaded.

34
00:02:46,030 --> 00:02:49,360
So how does this correspond really to what you see?

35
00:02:50,260 --> 00:02:56,200
So what I've done is I've taken a screenshot of the management editor and drilled in under Windows components,

36
00:02:56,200 --> 00:02:58,810
within admin templates and auto play policies.

37
00:02:59,650 --> 00:03:03,250
And there's a set of four options on the right hand side of the screen.

38
00:03:04,120 --> 00:03:09,940
How this actually gets created and populated is driven by the contents of the auto playground file.

39
00:03:10,810 --> 00:03:17,470
So that auto play dot n's file gets loaded up when you load editor past, the XML is parsed, merged

40
00:03:17,470 --> 00:03:24,100
with the strings in the ADMA file and essentially turns into what you see in the editor, this folder

41
00:03:24,100 --> 00:03:29,110
that says auto play policies and the settings those four settings and they're options are all defined

42
00:03:29,110 --> 00:03:31,480
in those ads and ADMA files.

43
00:03:32,410 --> 00:03:35,800
Note that and I see this sort of confusion a lot.

44
00:03:36,670 --> 00:03:44,650
Adam X And ADMA files are only used by admin templates, settings, no other policy area be it security

45
00:03:44,650 --> 00:03:49,870
or GP preferences or internet explorer's maintenance or folder redirection.

46
00:03:50,740 --> 00:03:54,880
None of those other policy areas are controlled by Adam X Files.

47
00:03:55,780 --> 00:04:01,840
Only what you see under user configuration admin templates or computer configuration admin templates.

48
00:04:02,740 --> 00:04:08,920
Now this notion of having Adam X files driving what you see in editor is completely extensible.

49
00:04:09,790 --> 00:04:15,760
You can extend what you see in the editor by creating your own custom Adam X and ADMA files.

50
00:04:16,660 --> 00:04:23,440
Now again you can arbitrarily populate registry settings using these Adam X and ADMA files to define

51
00:04:23,440 --> 00:04:24,670
those registry settings.

52
00:04:25,540 --> 00:04:27,910
And in fact lots of third parties do this.

53
00:04:27,940 --> 00:04:35,050
Citrix Firefox, Mozilla, Google, Chrome, even other Microsoft products like Microsoft Office provide

54
00:04:35,050 --> 00:04:38,500
their own Adam X files that let you configure those products.

55
00:04:39,370 --> 00:04:44,380
And it's important to recognize that when you write your own, it has to follow the proper schema and

56
00:04:44,380 --> 00:04:46,000
format for Adam X.

57
00:04:46,900 --> 00:04:52,600
And in order to do that, you would typically use some kind of you could certainly use notepad or something

58
00:04:52,600 --> 00:04:53,980
that creates text files.

59
00:04:54,860 --> 00:04:58,580
But Microsoft has a free tool called Adam X My Greater.

60
00:04:59,490 --> 00:05:07,170
Its initial role in life was to let you migrate or convert EDM files in the old Windows XP days to Adam

61
00:05:07,170 --> 00:05:07,830
X Files.

62
00:05:08,010 --> 00:05:12,420
But it also has an authoring editor that you can use to sort of jumpstart writing these things.

63
00:05:13,310 --> 00:05:18,110
And again it's you can configure any registry value using ad amex.

64
00:05:19,030 --> 00:05:23,920
But if it's in, not in one of those four non tattooing registry keys that get removed each time admin

65
00:05:23,920 --> 00:05:29,560
template policy is processed, then anything you can figure via adma will tattoo the registry.

66
00:05:30,460 --> 00:05:32,260
So that's just something to keep in mind.

67
00:05:32,260 --> 00:05:36,040
You know, that you're free to create these custom DMX files.

68
00:05:36,950 --> 00:05:42,200
But they don't necessarily fall into the non tattooing behavior unless the application that you're trying

69
00:05:42,200 --> 00:05:46,700
to configure or control will look in those four keys for their configuration settings.

70
00:05:47,630 --> 00:05:53,540
So I mentioned that admixture and ADMA files by default are stored on the local workstation undersea

71
00:05:53,540 --> 00:05:53,930
colon.

72
00:05:53,930 --> 00:05:56,690
Colin Backslash Windows backslash policy definitions.

73
00:05:57,590 --> 00:06:04,100
So each person that runs editor will consult that directory as ED comes up to build the tree of stuff

74
00:06:04,100 --> 00:06:05,930
that you see under admin templates.

75
00:06:06,830 --> 00:06:12,080
Now there is the facility to do something called the Admin Central Store, and a central store is really

76
00:06:12,080 --> 00:06:18,200
just a copy of all the local DMC's and ADMA files stored in the system folder that's replicated to every

77
00:06:18,200 --> 00:06:20,870
domain controller in an Active Directory domain.

78
00:06:21,730 --> 00:06:27,580
And specifically you would copy the contents of your C colon backslash windows backslash policy definitions

79
00:06:27,580 --> 00:06:33,220
folder to this folder structure under backslash backslash domain name backslash sizable backslash domain

80
00:06:33,220 --> 00:06:34,690
name backslash policies.

81
00:06:34,690 --> 00:06:36,490
Backslash Policy Definitions.

82
00:06:37,360 --> 00:06:42,940
And once you do that, everyone in the domain that's editing GPOs were viewing or reporting on GPOs

83
00:06:42,940 --> 00:06:50,590
using PMC and editor will refer to that so it essentially overrides what you have undersea colon backslash

84
00:06:50,590 --> 00:06:55,090
window backslash policy definitions and everyone uses the same adma x files.