So while Microsoft jamming Windows 10 down your throat by forcing computers to update, IT departments are scrambling to update their network policies and servers to manage it. Well we recently had to research and do some upgrades to account for the new operating system. Unfortunately, in the Microsoft fashion, they released the the OS without the server version ready, so there’s no native way to quickly manage your policies for the computers. However, with a little work you can manage all the settings that Windows 10 has to offer (which is a lot!).
Setup A Server 2012
We first started by implementing a Windows Server 2012 (not R2) on our network and promoted it to a Domain Controller. Implementing it was very easy. Microsoft basically does it all for you when you add the role. The longest part is running Windows Update on the server and having it reboot every time. You should be able to complete this with a server 2008 R2 domain controller but having a Server 2012 added a few features (Server Manager – ability to manage and track server health from one location) was also a driving factor to implement this.
Upgrade Domain Function Level
You are going to want to update your domain function level to 2008 R2. This can by done on a domain controller. Right click on your domain name under the Active Directory utility and select “Upgrade Domain Function Level”. You can only upgrade to what your lowest domain controller is so make sure your domain controllers are 2008 R2 or newer. If you are currently at 2003 domain function level, I would suggest going to 2008 (not R2) and wait a couple days for any issues to be worked out with any computers/servers on the domain. Then upgrade to 2008 R2.
Install Windows 10 Administrative Templates
So Microsoft has two versions of the Administrative Templates. I found I had to install both version but it took very little time, but does require a reboot of the server. The two install files can be found Here. Make sure you download both files because they include different features. Once you have downloaded them to your DC, you’ll want to run each msi. This will install the templates to C:\Program Files (x86)\Microsoft Group Policy\ and there will be two folders there (Windows 10 & Windows 10 version 1511). Inside each of those will be a folder called PolicyDefinitions with the new policies inside of that. Copy the contents of each to where your current policies are stored. If you go to \\server_name and see a folder called SYSVOL then you’re probably going to be placing them in there. Lets say you are… Select the SYSVOL folder and there should then be a folder with your domain name (domain_name.com). Select that and go into Policies and then PolicyDefinitions. Here you will past the contents you copied from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions\. I would suggest only copying the ADMX files and the folder that is your language (Ex. English (US) = en-us). Ensure you have copied both folder from the C:\ and you will now have the templates installed. You will want to close out of all Group Policy utilities and re-open them. Then, go to create a new policy and you should see all your new policies in there. The SYSVOL folder is then replicated to your other Domain Controllers so you can manage policies there too.
If you don’t have a SYSVOL folder you can go in to your Group Policy utilities and create a new policy. Right click on Administrative Template (under computer or users) and select “Add New Template” and walk through the wizard.
While Microsoft hasn’t made it easy to manage Windows 10 they sure know how to force a product on their customers. Also, check out some policies we have set on our network to help manage security concerns on our network.
If you’ve found additional ways to prepare for Windows 10 and manage it on your network please let us know what you’ve found. Thanks for reading and don’t forget to click subscribe to follow us on future posts!