My applications already ship with an ADM or ADMX file.

If an application does ship with an ADM or ADMX file, and you’re happy with it, then, yes, you should keep using it. However, let’s examine three common applications which do ship with ADM(x) files: Office, Chrome, and Acrobat Reader.

  • In the case of Office, there are a lot of missing items in their ADMX files. I would humbly suggest you read our whitepaper on the subject ( You’ll find that many key items (especially in Excel and Outlook) simply aren’t present in the ADM(x) files. We found them all and they’re in our Office Paks – ready to rock.
  • In the case of Chrome, this is an unusual case. On the one hand chrome does store some configuration items in the registry, but not all configurable items. So, Google’s ADMX files do a “medium ok, but not great” job managing its settings. If you use Google’s ADMX files you’re missing (roughly) another 30-40% of settings which can ONLY be delivered to Chrome’s configuration file (which isn’t stored in the Registry). PolicyPak enables those configurations.
  • In the case of Acrobat Reader, they’ve recently come out with an ADMX file, and it covers 15 settings. Not 15%. Fifteen TOTAL settings. What about the other 900 settings Acrobat Reader and (Acrobat Pro) have? Answer: PolicyPak.

Note: It’s conceivable that in the future any given application will be beautifully coded to accept all settings with ADM or ADMX files. Until then, you’ve got PolicyPak, where we can set about 80% of the settings for 80% of the applications plus perform true lockdown about 80% of the time.

Additionally, it should be noted that not all ADM / ADMX files are created equal. If the application isn’t specifically coded from the factory to perform true lockdown, creating an ADM or ADMX file won’t magically make it lockdown. In those cases, the setting is delivered exactly one time and never again. So when users work around your settings, you’re stuck, and there’s nothing in the Group Policy engine to automatically remediate when users work around those settings.

Here’s the video Jeremy Moskowitz, Microsoft MVP, Enterprise Mobility made to help understand where ADM(x) files work and don’t work the way you expect.