It is possible to run Group Policy Preferences on a Windows Server 2003 domain. This post will step you through the process so you can get it deployed in your organization if you have not yet upgraded your domain to Windows Server 2008. I am a huge fan of Windows Server 2008, so if you have the capability to upgrade one of your domain controllers to 2008, that would be my preference. However, there are cases where upgrading the domain is a drawn-out technical or political process, so I wanted to share "instructions" on how to make this great technology work with a 2003 domain.
Turning On Group Policy Preferences on Windows Vista SP1
The first thing you need to do is download and install Remote Server Administration Tools (KB941314) onto a Windows Vista SP1 machine with all patches installed. This will install the GPMC components. Notice that the install puts the bits on the workstation but does not turn them on. You have to go to Start\Control Panel\Programs and Features\Turn Windows Features On and Off. Scroll down the list and expand "Remote Server Administration Tools", expand "Feature Administration Tools", and turn on "Group Policy Management Tools". It is the installation of Remote Server Administration Tools (KB941314) that adds these entries, so if they are not in your list, something was not successful with your prior installation.
Install Group Policy Preferences in Windows Server 2008 Client Side Extensions
Finally, you need to install the Group Policy Preferences in Windows Server 2008 Client Side Extensions. I highly recommend you deploy this using WSUS or another software deployment mechanism to make sure the extensions are deployed to all clients that need to "apply" preferences, especially if these preferences will be used to lock down security. The way to use preferences to "lock down" a machine is to use them to change the settings to what you want them to be and then use Group Policy to prevent users from being able to change them (i.e., change a registry key in preferences and then do not allow users access to the registry with policy).
Now that you have successfully installed the tools, you can open them with the Group Policy Management Tools MMC snap-in, which is located at Start\Control Panel\Administrative Tools\Group Policy Management Tools. Expand your forest, expand Domains, expand your domain name, expand Group Policy Objects, then right-click one of the policies and select Edit. This will bring up the Group Policy Management Editor. You will now see Preferences and be able to make changes to them.
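To confirm that a given client actually has the preference client-side extensions registered before relying on them for a lockdown, the check below can be run on that client. It is an added example, not part of the original post; it assumes PowerShell is installed on the client and that the preference extensions are implemented by gpprefcl.dll and registered under the Winlogon GPExtensions key. The function name Get-PreferenceExtension is hypothetical.

```powershell
# Added example (not from the original post).
# Lists the Group Policy client-side extensions registered on this machine
# that are implemented by the preferences DLL, and warns if none are found.
# Assumption: preference extensions are served by gpprefcl.dll.
$gpExtKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions'
$prefDll  = 'gpprefcl.dll'

function Get-PreferenceExtension {
    param([string]$Path = $gpExtKey)

    Get-ChildItem -Path $Path | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        # DllName may be a bare file name or a full (possibly unexpanded) path.
        $dll = [string]$props.DllName
        if ($dll -and ((Split-Path -Leaf $dll) -ieq $prefDll)) {
            New-Object PSObject -Property @{
                Guid = $_.PSChildName        # extension GUID (subkey name)
                Name = $props.'(default)'    # display name, e.g. the item type
                Dll  = $dll
            }
        }
    }
}

$found   = @(Get-PreferenceExtension)
$dllPath = Join-Path $env:SystemRoot "System32\$prefDll"

if ($found.Count -eq 0) {
    Write-Warning "No preference client-side extensions are registered on $env:COMPUTERNAME."
    Write-Warning "Preference items in a GPO will not be applied here until the extensions are installed."
} else {
    "{0} preference extension(s) registered on {1}:" -f $found.Count, $env:COMPUTERNAME
    $found | Sort-Object Name | Format-Table Name, Guid -AutoSize
}

# A registration without the DLL on disk points to a broken install.
if (-not (Test-Path $dllPath)) {
    Write-Warning "$dllPath is missing."
}
```

A client that reports no registered extensions will skip any preference items, so a lockdown that depends on a preference-set registry value has not taken effect there.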
I have created a recording of these steps so you can see them in action. Please let me know what you think of this post. If there are other topics you would like to see, please let me know.
Download it here! http://mschnlnine.vo.llnwd.net/d1/inetpub/danstolts/Installing_Group_Policy_Preferences_on_Windows_Server_2003_Domain_By_Dan_Stolts.wmv If you have a problem opening it, try right-clicking it, saving it to your computer, and then running it. This is a short 9-minute video walk-through of the steps to install Group Policy Preferences on a Windows Server 2003 domain using a Windows Vista workstation. I will put the video in a frame so you can stream it in the next couple of days, so check back if you want to play it online instead of downloading it.
If you want a walk-through on setting a preference, check out Disable Adding USB Drive and Memory Sticks via Group Policy and Group Policy Preferences.
I've actually been using this same setup in my environment to allow me to access the newer GP Preferences... I'm curious, though, if you believed prepping our 2003 DCs for the 2008 schema is a more solid approach than just trusting the ClientSideExtensions on our 2003 server. I'm looking at sites like: http://ts2blogs.com/blogs/rwagg/archive/2008/06/25/extend-your-server-2003-active-directory-schema-for-windows-vista-and-server-2008.aspx and http://technet.microsoft.com/en-us/library/cc771461.aspx
I currently have a domain similar to your example but the Group Policy enhancements simply don't work. Group policy compliant with server 2003 does work. Any ideas? I have a server 2003 domain and a server 2008 R2 box.
You said in your statement that you will show how it works on 2033 Domain, but from your examples you used Vista and 2008 Server???
We have 2003 Server and XP clients SP3?
--- Dan Stolts
You have to have one Windows 7 or 2008/2008 R2 machine that you use to set the policy. You can do it on a 2003 domain but you have to have a new OS to configure the Group Policy Preferences.
Can Windows 7 join my Windows 2003 server domain?
I can't get this to work. I have a win2003 domain, a print queue that is on a Win2008 server, and Windows 7 (and XP) workstations. I have been able to push out the printers, but I can't get the default printer to set. Not so concerned on the XP machines as those hold the default printer set in the profile. But Windows 7 machines don't set a default printer... so programs default to MS XPS Document Writer.
I have wasted a morning trying to get a default printer to set with no success!
Great info, Dan, Thanks!
This looks exactly like what I am looking for. One question: when you said "you need to install the Group Policy Preferences in Windows Server 2008 Client Side Extensions," I was curious about clarification. Where am I getting this preference (i.e. created after you set up the GP?) and deployment for dummies would be great too!
I guess to further clarify, I have been unable to locate similar client extensions for Windows 7 and was wondering if the Vista extensions would work or if there is another workaround.