James Harper
How To Keep ADMX Files Updated Automatically with EvergreenADMX and Task Scheduler
So, you’re tired of manually updating your Windows ADMX templates every time there’s a new version? Totally get it. This stuff can get tedious, especially when you’re juggling multiple systems. Luckily, using the EvergreenADMX PowerShell module combined with Windows Task Scheduler makes automating this pretty straightforward. It’s not perfect—sometimes things break, or Windows throws a curveball—but it’s better than clicking “Download” a dozen times a year.
Prerequisites
Before diving into the script magic, make sure you’ve got these in place:
- A Windows Server or any machine with admin rights (domain controller preferred but not required).
- Latest version of Windows PowerShell installed. If you’re running a super old version, you might wanna update first. (PowerShell 5.1 is pretty common, but PowerShell 7+ works too.)
- An account with permission to run scripts and create scheduled tasks.
- Access to your domain controller, or just your workstation if that’s more your style.
Step 1: Access the Domain Controller
Starting on the domain controller, you probably wanna just SSH or Remote Desktop into it. Or, if not, use a network path:
- Right-click Start, pick Run (or just press Win + R).
- Type in
\\DC01(swap to your DC’s name). Hit OK. - Navigate to Sysvol > Policies > PolicyDefinitions.
Check the “Last Date Modified” for your current ADMX files. If they’re old or the date is stale, that’s your cue to update.
Step 2: Launch PowerShell as Admin
This part can trip people up. You need admin rights to install modules and run scripts:
- Click the Start menu, type PowerShell, then right-click and pick Run as administrator.
Step 3: Install EvergreenADMX
This module is what does the magic. Run:
Install-Module -Name EvergreenADMX -Scope CurrentUserOn some setups, this might fail at first because of the untrusted repository warning. Just type Y and hit Enter. Because of course, Windows has to make it harder than necessary. If it refuses, you might need to set execution policies or trust the PSGallery repository manually.
Step 4: Run the Script to Update ADMX Files
Here’s where the actual update happens. You’ll need to specify the path to your PolicyDefinitions folder. Usually, it’s something like C:\Windows\PolicyDefinitions or somewhere in your SYSVOL share. Example command:
.\Get-InternetAdmxUpdates.ps1 -WindowsVersion "2025" -PolicyStore "C:\Windows\PolicyDefinitions"Replace the path with whatever you’re using. If you’re on a domain controller, it’s probably \\YourDC>\SYSVOL\YourDomain>\Policies\PolicyDefinitions, but local path works too if you’re just testing.
Step 5: Confirm the Update
Navigate to the PolicyDefinitions. Folder and check the “Last Modified” date. It should tick forward. Sometimes, it’s a bit flaky, and you gotta run the script again. Not sure why it works sometimes on the first try, and sometimes not—maybe a caching issue, or permissions.
Step 6: Automate with Task Scheduler
Now, to make sure this all runs automatically without you clicking a thing:
- Open Task Scheduler (Start > type Task Scheduler).
- Choose Create Basic Task from the right.
- Name it “ADMX Update” or whatever. Click Next.
- Pick how often—monthly, weekly, whatever makes sense.
- Set the time, then click Next.
- Choose Start a program and hit Next.
- For Program/script, type
powershell.exe. - In Arguments, paste your update command, wrapped in quote marks, like:
- Click Finish, and Bob’s your uncle.
-ExecutionPolicy Bypass -File "C:\Path\To\Your\Script\Update-ADMX.ps1"This assumes you’ve saved your update commands in a separate script, or just paste the inline command. Just remember to set execution policy to Bypass temporarily if needed.
Extra Tips & Common Hiccups
- Sometimes, scheduled tasks don’t run because of permission issues. Make sure the account you assign has the rights to run PowerShell and access the ADMX folders.
- If the script isn’t updating, double-check the path, permissions, and execution policy. Run
Get-ExecutionPolicyto see what’s set. If it’s restricted, runSet-ExecutionPolicy -Scope Process -ExecutionPolicy Bypasstemporarily. - And yeah, sometimes the script fails due to network hiccups or proxy issues. Not sure why it happens on some machines and not on others, but rerunning usually helps.
Some Final Notes
This isn’t a magic button—sometimes files refuse to update or you get weird caching issues. But in most cases, setting it up once means future updates are just a matter of waiting for when the scheduled task lands. It’s a peace-of-mind move that really cuts down manual chores.
Frequently Asked Questions
What are ADMX files?
ADMX files are Administrative Template files that define all the Group Policy settings that you can tweak. They’re like the user interface for GPOs. If you’re not running the latest, some settings or features won’t show up.
How often should the ADMX files be updated?
Ideally, whenever Microsoft drops an update—so, new Windows releases or cumulative updates. But at least once a year, just to be safe. The more you keep up, the less you’ll get caught off guard.
Can this be done on a workstation instead of a server?
Yep. Basically, as long as you have access to the PolicyDefinitions folder and permissions to run scripts, it works. Centralized management is better, but this setup isn’t exclusive to servers.
Summary
- Install EvergreenADMX module with
Install-Module. - Run the update script pointing to your PolicyDefinitions folder.
- Set up a scheduled task with PowerShell to automate everything.
- Check the “Last Modified” date to verify update success.
Hopefully this shaves off a few hours for someone. Fingers crossed this helps.