Windows 10 ADMX: 4 Tips for Super Awesome Settings
Windows 10 ADMX files are like the brain of Administrative Templates. It’s what the Group Policy Editor uses to apply your GPOs. The more you master ADM/ADMX, the more control and power you’ll have with Group Policy. Here are 4 tips that will make your Windows 10 ADMX settings super awesome.
What Are ADMX Files?
Windows 10 ADMX files work behind the scenes to support Administrative Templates. If you use Group Policy today, you’ve undoubtedly used Administrative Templates to create many of your GPOs. So exactly what are ADMX files? ADMX files are XML-based files that provide registry-based settings to the Group Policy Editor. They enable you to choose the particular Group Policy settings you wish to implement. Additionally, Microsoft regularly releases new ADMX files to support each new native application or Windows 10 version release. Besides Microsoft, some third-party software companies offer ADMX files for their applications as well.
ADMX files and Group Policy Editor form a powerful partnership. Together, they provide a simple and effective way to deliver managed settings throughout your enterprise. Nevertheless, Windows 10 ADMX files don’t offer the power you need in every scenario.
Here are some examples:
- You utilize third-party applications that don’t use ADMX files
- You have devices that stay off-prem much of the time
- MDM exclusively manages your Windows devices
- Not all of your devices are domain joined
Windows 10 ADMX vs. Group Policy
Microsoft introduced ADMX files with the release of Windows 2008, but the world has changed a lot since that time. Previously, the typical enterprise consisted of domain-joined computers that stayed on-prem other than a few laptops. Now, enterprises are hybrid conglomerates of domain joined and non-domain joined devices. However, Group Policy doesn’t work in non-domain joined scenarios and gets left behind.
Today, MDM enrolls most of the non-domain joined devices. If you use Microsoft Intune, you probably noticed that Microsoft recently included ADMX templates known as “Administrative Templates” profiles). In spite of Intune’s Administrative Templates, their ADMX settings coverage falls well short of Group Policy.
Windows 1- ADMX Comparison: Group Policy vs. MDM
| Settings | Count |
|---|---|
| Computer Side ADMX Settings shared by Group Policy and Intune | 655 |
| User Side ADMX Settings shared by Group Policy and Intune | 232 |
| Computer Side ADMX Settings only in Group Policy | 1,813 |
| User Side ADMX Settings only in Group Policy | 1,499 |
4 Tips for Super Awesome Windows 10 ADMX Settings
I’m sure you’re wondering if it’s possible to utilize ADMX files regardless of domain status or location. The answer is a resounding – YES! Here are four ways you can maximize ADMX settings for Windows computers. Furthermore, you’ll learn how to overcome some of the weaknesses that have always plagued ADMX-based Group Policy settings.
1. Import Windows 10 ADMX Settings into Non-domain Environments
Your MDM solution may not have a central store to import all of your utilized ADMX files. However, you can leverage any Group Policy setting with Administrative Templates. Additionally, you can bring those directives into your MDM environment using PolicyPak MDM Edition.
Windows 10 ADMX files are only used to create policies, not deploy them. Nevertheless, PolicyPak provides the ability to configure any Windows in-the-box ADMX setting as is shown below.
What happens when you need to deliver Windows 10 ADMX settings to your MDM enrolled devices? With PolicyPak MDM Edition, you can export any Group Policy Administrative Template setting (or Group Policy Preferences or Group Policy Security setting) and import it to your MDM solution.
Maybe you have remote machines out there that are rarely on-prem or maybe aren’t joined or enrolled in anything — not an issue. With PolicyPak Cloud Edition, you can deliver ADMX based policies to any internet connected machine. As a result, machines receive updated policies whenever they are connected.
2. Manage Applications That Don’t Use Windows 10 ADMX Files
I’m sure you wish that every application was well managed and had ADMX settings. However, that’s not going to happen. Fortunately, PolicyPak lets you manage the complete array of settings for your desktop applications whether they have Windows 10 ADMX files or not. With PolicyPak Application Manager, you can configure, deploy and lockdown settings for applications such as Java, Firefox, Adobe Reader and more than 300 others. If you create policies using Group Policy Editor, then you will barely have a learning curve using PolicyPak.
That’s because PolicyPak simply utilizes the same editor you already know. Simply create a GPO, edit it and choose the PolicyPak Suite Component to create your desired policy. In the image below, we have created a policy to manage Chrome settings.
3. Apply User Settings on to Computer Side Policies
In the examples above, we’ve shown you how PolicyPak can maximize the reach of your Windows 10 ADMX driven policies. On the other hand, Administrative Template policies have always had some inherent limitations and shortcomings. If you know that GPOs can apply to either the computer side or user side, you probably know that there are settings available on the user side that aren’t available on the computer side. That’s too bad because there are some computers such as kiosks, lab machines or conference room computers that we’d all like to apply with user-side settings.
With PolicyPak ADMX Templates Manager, you create a computer-side policy that uses Windows 10 ADMX settings from the user-side, computer-side, or both. Take a closer look at the image below to see the available options.
One of our favorite superpowers to demonstrate with regards to using Administrative Templates is how to ensure that only some computers get a screen saver policy when other computers do not. To see how that works, check out the video below:
4. Apply Item-level Targeting to Windows 10 ADMX Policies
If you work with Group Policy, you know the value of using Group Policy Preferences. GPP gives you the ability to configure many more settings than Administrative Templates does and provides a GUI interface to boot. Furthermore, If you work with Group Policy, you know the value of using Group Policy Preferences. GPP gives you the ability to configure many more settings than Administrative Templates does and provides a GUI interface to boot. It also incorporates Item Level Targeting. This feature gives you the ability to assign policies with more granularity based on specified conditions such as group membership, subnet, operating system or form factor. Why is Item Level Targeting limited to just GPPrefs though?
Well, with PolicyPak Administrative Manager, it isn’t. You get the same selection of granular conditions for all policies with PolicyPak. The image below illustrates a typical example.
How to Supercharge your Windows 10 ADMX capabilities
What PolicyPak does is strip away the limitations that so many enterprises today face with Group Policy and ADMX files. With PolicyPak, you aren’t restricted to domain join or on-premise only. PolicyPak also always fills in some of the shortcomings that have plagued Group Policy Administrative Templates for years. PolicyPak doesn’t replace Windows 10 ADMX settings; it supercharges them, allowing you to maximize the potential of these ADMX driven policies.
LEARN MORE ABOUT POLICYPAK ADMIN TEMPLATES MANAGER
The post Windows 10 ADMX: 4 Tips for Super Awesome Settings appeared first on PolicyPak.
*** This is a Security Bloggers Network syndicated blog from Blog – PolicyPak authored by Blog – PolicyPak. Read the original post at: https://www.policypak.com/pp-blog/windows-10-admx
