10/17/2008

The following procedures show you how to create a new Group Policy object (GPO) for managed Windows Mobile devices. To create a new GPO for managed devices, you must first create a new GPO and then add the administrative template (ADM) file for managed devices to the new GPO. During installation of MDM Administrator Tools the ADM template is installed in %windir%\inf, the default windows directory, for example D:\Windows\inf.

Note:
A known issue occurs if you create a new GPO and then push it to a device before you configure any policy settings. The GPO will be denied by the Resultant Set of Policy (RSoP) engine. However, this will not be reported by the Group Policy Results Wizard. After you configure one or more GPO policy settings, the Group Policy Results Wizard will correctly display the results. Under the conditions described above, the Group Policy Modeling Wizard will be empty, indicating that the GPO was denied.

Creating a new GPO

To create a new Group Policy object

  1. In the Group Policy Management Console, locate the Group Policy Objectsnode.

  2. Right-click Group Policy Objects, and then choose New.

  3. In the New GPOdialog box, type the name that you want to use to use, and then choose OK.

Adding an Administrative Template file to a new GPO

To add the Administrative Template file to a new Group Policy object

  1. In the Group Policy Management Console, expand Group Policy Objectsand then locate the new GPO.

  2. Right-click the new GPO and then select Edit.

  3. In the Group Policy Object Editor, expand Computer Configuration, and then locate Administrative Templates.

  4. Right-click Administrative Templatesand then choose Add/Remove Templates.

  5. In the Add/Remove Templatesdialog box, choose Add.

  6. In the Policy Templatesdialog box, select the file Mobile.adm, and then choose Open. The selected ADM file appears in the list of current policy templates in the Add/Remove Templatesdialog box.

  7. In the Add/Remove Templatesdialog box, choose Close.

After you add the ADM file to the GPO, Group Policies related to security, encryption and device management appear in the navigation pane under Computer Configuration/Policies/Administrative Templates/Windows Mobile Settings. User related settings are located under User Configuration/Administrative Templates/Windows Mobile Settings.

Upgrading Server Builds with ADM File Changes

If you upgrade a server build that has ADM file changes, then existing GPOs might contain out-dated or excess registry keys, which results in the wrong data being sent to the device. Use the following steps in the Group Policy Management Console to resolve this issue.

To upgrade server builds with ADM File Changes

  • Manually re-create the GPO; or

  • Select Remove mobile settings from existing GPO, select Remove a template, and then select Addto force the GPO to pick up a different ADM file; or

  • Create a centralized repository for ADM templates.

To create a centralized repository for ADM templates

  1. Delete the ADM templates from each Group Policy template (GPT).

  2. Place a copy of the latest version of every ADM template (default and customized) into the C:\Windows\Inffolder on every desktop that will administer GPOs.

  3. Create a GPO that targets the computers modified in step 2.

  4. In the GPO, modify the Always Use Local ADM Files for Group Policy Editorsetting to Enabled. This setting is located under Computer Configuration\Administrative Templates\System\Group Policy.

  5. Create a GPO that targets the user accounts that have privileges to edit GPOs.

  6. In the GPO, modify the Turn off Automatic Updates of ADM filessetting to Enabled. This setting is located under User Configuration\Administrative Templates\System\Group Policy.

See Also