Windows 10 or Windows 11 GPO ADMX - Which one to use for your central store?


  • Staff
Hi community,

My name is Helmut Wagensonner. I’m a Customer Engineer at Microsoft and this blog should help you to understand, which Administrative Templates (admx) to choose for your Windows 11 / Windows 10 mixed environment.

Remember how it was before Windows 11 was released? You simply downloaded the latest ADMX templates, copied it to your central store and you were able to configure all the new settings in the Group Policy editor. You did not have to think about older Windows versions because the ADMX templates were backwards-compatible. Well, they still are, but they are different now for Windows 10 and Windows 11.

As long as we support Windows 10 it could occur that new Windows 10 features are not reflected in Windows 11 ADMX files and vice versa. The table at the end of this article shows the differences between the Win10 and Win11 templates (as of Dec 16, 2021).

So what to do if you have a mixed environment of both client operating systems? Well, fact is that you can only copy one set of ADMX files to your Active Directory’s Central Store. Depending on what your future plans are, you should decide which templates fit best. If you plan to stay on Windows 10 for a while, you should choose the Windows 10 ADMX files. If you’re ready to upgrade to Windows 11 and this will become your dominating OS version (or it already is), you should copy the Windows 11 ADMX files to your Central Store.

But can you configure new Windows 10 policies if your central store contains the Windows 11 ADMX files? Well, you can! You just need to do this from a separate client. The steps below explain the approach.
  • Install a client with Windows 10 21H2 (important!) operating system and join it to your domain.
  • Log on with an user with administrative rights.
  • Right-click on your start menu and choose “Apps and Features”

    large

  • Choose “Optional Features”

    large

  • Choose “Add a Feature”
    large

  • Search for “RSAT: Group Policy Management Tools” and click the “Install” button.

    large

  • After successful installation you will find a “Group Policy Management” item in the “Windows Administrative Tools” folder in your start menu.

    large

  • Open your Registry Editor and add following registry value:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy
    Value: EnableLocalStoreOverride
    Type: REG_DWORD
    Data: 1

    large

  • Restart your computer and log on with a user account that has the right to edit domain Group Policy objects.
  • Run the “Group Policy Management” from your start menu and open the desired GPO for edit. The Administrative Templates should now be taken from the client’s local store instead of the central store.

    large
Following table illustrates the differences between Windows 10 21H2 and Windows 11 21H2 ADMX files.

ADMX nameScopeSettingAvailable only in
AppPrivacyComputerLet Windows apps take screenshots of various windows or displaysWindows 11
AppPrivacyComputerLet Windows apps turn off the screenshot borderWindows 11
AppxPackageManagerComputerArchive infrequently used appsWindows 11
AppxPackageManagerComputerDo not allow sideloaded apps to auto-update in the backgroundWindows 11
AppxPackageManagerComputerDo not allow sideloaded apps to auto-update in the background on a metered networkWindows 11
CloudContentComputerTurn off cloud consumer account state contentWindows 11
CloudContentUserTurn off Spotlight collection on DesktopWindows 11
ControlPanelDisplayComputerPrevent lock screen background motionWindows 11
DataCollectionComputerLimit Diagnostic Log CollectionWindows 11
DataCollectionComputerLimit Dump CollectionWindows 11
DeliveryOptimizationComputerDiscovery Mode: Local DiscoveryWindows 11
DnsClientComputerConfigure DNS over HTTPS (DoH) name resolutionWindows 11
EAIMEUserConfigure Korean IME versionWindows 11
FileSysComputerEnable NTFS non-paged pool usageWindows 11
FileSysComputerNTFS parallel flush thresholdWindows 11
FileSysComputerNTFS parallel flush worker threadsWindows 11
FileSysComputerConfigure NTFS default tierWindows 11
GlobalizationBothRestrict Language Pack and Language Feature InstallationWindows 11
InetResBothReplace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC.Windows 11
NetlogonComputerUse lowercase DNS host names when registering domain controller SRV recordsWindows 11
NewsAndInterestsComputerAllow News and InterestsWindows 11
SamComputerConfiguration settings for the Security Account ManagerWindows 11
SensorsComputerForce instant WakeWindows 11
SensorsComputerForce instant LockWindows 11
SensorsComputerConfigure Lock TimeoutWindows 11
StartMenuBothLocked Start Layout: Re-Apply Layout at every logonWindows 11
StartMenuBothShow or hide "Most used" list from Start menuWindows 11
TaskBarComputerConfigure the Chat icon on the taskbarWindows 11
TenantRestrictionsComputerConfigure Cloud Policy DetailsWindows 11
TerminalServerComputerEnable auto-subscriptionWindows 11
TerminalServerComputerDo not allow location redirectionWindows 11
TerminalServerComputerAllow UI Automation redirectionWindows 11
WindowsDefenderComputerConfigure scheduled task times randomization windowWindows 11
WindowsDefenderComputerDefine the directory path to copy support log filesWindows 11
WindowsDefenderComputerConfigure IP Address ExclusionsWindows 11
WindowsDefenderComputerTurn on script scanningWindows 11
WindowsDefenderComputerAllow Microsoft Defender Antivirus to update and communicate over a metered connectionWindows 11
WindowsDefenderComputerConfigure Network Protection to be allowed to be configured into block or audit mode on Windows ServerWindows 11
WindowsDefenderComputerControl datagram processing for network protectionWindows 11
SandboxComputerAllow vGPU sharing for Windows SandboxWindows 11
SandboxComputerAllow networking in Windows SandboxWindows 11
SandboxComputerAllow audio input in Windows SandboxWindows 11
SandboxComputerAllow video input in Windows SandboxWindows 11
SandboxComputerAllow printer sharing with Windows SandboxWindows 11
SandboxComputerAllow clipboard sharing with Windows SandboxWindows 11
WindowsUpdate<Changes in folder structure>Windows 11


ADMX nameScopeSettingAvailable only in
DataCollectionBothAllow Telemetry: EnhancedWindows 10
DeliveryOptimizationComputerDownload Mode: BypassWindows 10
EAIMEUserTurn on Live StickerWindows 10
EAIMEUserTurn on lexicon updateWindows 10
InetResBothTurn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objectsWindows 10
InetResBothReset zoom to default for HTML dialogs in Internet Explorer modeWindows 10
MicrosoftEdgeBothSuppress the display of Edge Deprecation NotificationWindows 10
PrintingComputerLimit print driver installation to AdministratorsWindows 10
TerminalServerComputerSet the Remote Desktop licensing mode: AAD per UserWindows 10
WindowsDefenderComputerScan packed executablesWindows 10

Further resources you might find useful:

GPO Settings Reference Spreadsheet for Windows 10 21H2
Download Group Policy Settings Reference Spreadsheet for Windows 10 November 2021 Update [21H2] from Official Microsoft Download Center

GPO Settings Reference Spreadsheet for Windows 11 21H2
Download Group Policy Settings Reference Spreadsheet for Windows 11 October 2021 Update (21H2) from Official Microsoft Download Center

ADMX templates for Windows 10 21H2
Download Administrative Templates (.admx) for Windows 10 November 2021 Update [21H2] from Official Microsoft Download Center

ADMX templates for Windows 11 21H2
Download ADMX Templates for Windows 11 October 2021 Update [21H2] from Official Microsoft Download Center


Source:
 

Attachments

  • MMC.png
    MMC.png
    7.8 KB · Views: 0
Last edited:

Latest Support Threads

Back
Top Bottom