Utilities for automating Local Group Policy management
Update, 21 January 2016:
LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM), and the Apply_LGPO_Delta and ImportRegPol tools.
- Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced auditing CSV files.
- Export local policy to a GPO backup.
- Parse a Registry Policy (registry.pol) file to readable “LGPO text” directly to the console or redirected to a file which can edited and imported into local policy.
- Build a new Registry Policy (registry.pol) file from “LGPO text”.
- Enable group policy client side extensions for local policy processing.
LGPO.exe can be downloaded from the Security Guidance blog: https://blogs.technet.com/b/secguide/archive/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0.aspx
This page has the most recent versions of utilities for automating the management of Local Group Policy Objects (LGPOs). [Update, Jan 15, 2010: Instead of linking to another page containing the latest versions of the utilities, the utilities will always be attached to this page.] Because the software hosting this blog allows only one attachment per page, the source code will be posted on another page, with the updated link below.
Set_FDCC_LGPO -- applies all the FDCC Group Policies published by NIST on their web site to the Local Group Policy of the Windows XP or Windows Vista computer you run the utility on.
- Latest version, Q1 2009 [updated 2009-09-15]
- Webcast: [getting this fixed]
Apply_LGPO_Delta -- automates custom changes to local policy and security settings on the Windows computer you run the utility on.
- Latest version (2.1) [updated 2010-01-15]
- Webcast: https://msevents.microsoft.com/CUI/InviteOnly.aspx?EventID=18-D1-D2-C5-1F-3A-9E-F9-B1-26-DC-17-61-15-4E-41
ImportRegPol -- reads content from a registry policy (registry.pol) file, and imports it into local policy on the current computer, and/or writes its content to a log file in a format that Apply_LGPO_Delta can use.
- Latest version (1.1) [2010-01-15]
The latest source code for these utilities is here: https://blogs.technet.com/fdcc/archive/2010/01/15/updated-lgpo-utility-sources.aspx LGPO-Utilities.zip