Windows 7 / Getting Started

Using Starter GPOs

Starter GPOs, introduced in the GPMC for Windows Server 2008 and Windows Vista SP1 with RSAT, are read-only collections of configured Administrative Template (.admx) policy settings that you can use to create a live GPO. Starter GPOs provide baselines of Group Policy settings designed for specific scenarios. By using Starter GPOs as templates for creating domain-based GPOs, you can deploy Group Policy quickly in different kinds of environments. Note that Starter GPOs can contain only policy settings (ADM settings); they cannot include preference items, security settings, or other types of Group Policy settings.

In Windows Vista SP1 and Windows Server 2008, you had to download Starter GPOs before using them. Now, however, a default set of Starter GPOs are included in RSAT for Windows 7 and in the GPMC feature of Windows Server 2008 R2.

RSAT for Windows 7 includes two different categories of Starter GPOs:

  1. Enterprise Client (EC) Client computers in this type of environment are members of an AD DS domain and need to communicate only with systems running Windows Server 2003. The client computers in this environment may include a mixture of Windows versions, including Windows 7, Windows Vista, and Windows XP.
  2. Specialized Security Limited Functionality (SSLF) Client computers in this type of environment are members of an AD DS domain and must be running Windows Vista or later. Concern for security in this environment is a higher priority than functionality and manageability, which means that the majority of enterprise organizations do not use this environment. The types of environments that might use SSLF are military and intelligence agency computers.

In addition to these two categories, the default Starter GPOs in RSAT for Windows 7 can also be categorized by whether they do the following:

  • Apply only to clients running Windows XP SP2 or later or Windows Vista SP1 or later.
  • Apply to users or to computers.

The result of this categorization is the following eight types of Starter GPOs included in RSAT for Windows 7:

  • Windows Vista EC Computer
  • Windows Vista EC User
  • Windows Vista SSLF Computer
  • Windows Vista SSLF User
  • Windows XP EC Computer
  • Windows XP EC User
  • Windows XP SSLF Computer
  • Windows XP SSLF User

For more information concerning the default configuration of policy settings in Starter GPOs designed for Windows Vista SP1 or later, see the Windows Vista Security Guide at http://go.microsoft.com/?linkID=5744573. For more information concerning the default configuration of policy settings in Starter GPOs designed for Windows XP SP2 or later, see the Windows XP Security Compliance Management Toolkit at http://go.microsoft.com/fwlink/?LinkId=14839. Updated information on Starter GPOs should also be available; search for Windows 7 Security Guide on the Microsoft Download Center.

Before you can use Starter GPOs, you must prepare your environment by creating a separate folder for these GPOs in the SYSVOL share on your domain controllers. If your forest has more than one domain, you must create a separate Starter GPOs folder in each domain of your forest. To create the Starter GPOs folder, perform the following steps:

  1. Open the GPMC and select the Starter GPOs node in the console tree for the domain.
  2. Click the Create Starter GPOs Folder button in the details pane.
  3. Repeat for each domain in your forest.

After you create your Starter GPOs folder, you can use the default Starter GPOs as templates when you create new GPOs, as described in the next section. You can also create and manage your own Starter GPOs by right-clicking the Starter GPOs node in the console tree of the GPMC.

[Previous] [Contents] [Next]

In this tutorial:

  1. Managing the Desktop Environment
  2. Understanding Group Policy in Windows 7
  3. Group Policy Before Windows Vista
  4. Group Policy in Windows Vista and Windows Server 2008
  5. New Group Policy Features in Windows 7 and Windows Server 2008 R2
  6. Group Policy Policy Settings in Windows 7
  7. Understanding ADMX Template Files
  8. Types of ADMX Template Files
  9. Local Storage of ADMX Template Files
  10. Considerations When Working with ADMX Template Files
  11. Understanding Multiple Local Group Policy
  12. MLGPOs and Group Policy Processing
  13. Managing Group Policy
  14. Adding ADMX Templates to the Store
  15. Creating and Managing GPOs
  16. Using Starter GPOs
  17. Creating and Managing GPOs Using the GPMC
  18. Creating and Managing GPOs Using Windows PowerShell
  19. Editing GPOs
  20. Configuring Policy Settings
  21. Configuring Preference Items
  22. Managing MLGPOs
  23. Migrating ADM Templates to ADMX Format
  24. Converting ADM Template Files to ADMX Format
  25. Creating and Editing Custom ADMX Template Files
  26. Configuring Group Policy Processing
  27. Using Advanced Group Policy Management
  28. Troubleshooting Group Policy
  29. Enabling Debug Logging
  30. Using Group Policy Log View
  31. Using GPResult