I was working on a PowerShell script the other day where a VBScript was failing me (I need to get into PowerShell more anyways) and needed to switch the execution policy on a set of computers to allow my script to run. A quick look through documentation told me it could be configured by running a command on each box or even better through a Group Policy setting.
However, when I went to find the setting in Group Policy Management Console on my Windows 7 SP1 box, I did not see it where every document and website said it should be (Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsWindows PowerShell). I confirmed a few other Windows 7 PCs that the setting was not available. When I remoted into a Server 2008 R2 box, however, the setting was there.
I confirmed that I had downloaded the latest RSAT tools when I installed GPMC and AD Users & Computers on Windows 7. Starting with Server 2008 and Windows Vista, Microsoft deprecated the proprietary .adm files and adopted XML-based .admx files. These files can be found at %SYSTEMROOT%PolicyDefinitions (or likely, C:WindowsPolicyDefinitions). Comparing the files in Server 2008 R2 and Wind0ws 7 SP1, there was a lot of overlap but I found a few files unique to each OS.
Unique to Server 2008 R2:
Unique to Windows 7SP1:
It doesn’t make a whole lot of sense for there to be OS-specific templates for Group Policy. The settings are restricted to what operating systems they can affect but it should not matter from which OS you configure a policy.
Where it gets even more interesting, Microsoft offers a download of “Win7 and Server 2008R2 ADMX Templates”. It contains all of the files listed above and a template unique to it called SearchOCR.admx but it does not include PowerShellExecutionPolicy.admx.
To get all relevant policies in one location, you should download the Administrative Templates (ADMX) for Windows Server 2008 R2 and Windows 7 from Microsoft and copy it to %SystemRoot%PolicyDefinitions and copy PowerShellExecutionPolicy.admx and its language-specific .adml file in your language’s sub-folder (en-us) under PolicyDefinitions from a Server 2008 (R2) computer at the same location. 404TS provides a collection of the above files for download which includes PowerShellExecutionPolicy.admx.
Having to copy all of these files to each computer that could be doing Group Policy administration can be time-consuming and complicated for a large organization. That’s why, along with the ADMX standard, Microsoft introduced the concept of a Central Store. Read Microsoft’s KB article 929841 for more details. Essentially, you create a PolicyDefinitions folder for the domain under the SysVolPolicies folder and the domain management tools check there first for an authoritative copy.