How to apply Local Group Policy settings silently using the ImportRegPol.exe and Apply_LGPO_Delta.exe utilities.
In many Organizations, the AD support team is separated from the team in charge of Imaging. The AD team naturally is protective with their setup and fight any GPO setting that would result in more responsibility to their staff. So that leaves us in some occasions having to turn to Local Group Policy to apply the settings we want. I’ve recently come across some great tools provided by Microsoft (very quietly) for Government usage. These tools allow you to basically back up your LGPO settings to a txt file and apply them on demand with a script silently.
MS link: http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-05-16-48/LGPO_2D00_Utilities.zip
BackUp link: https://panaconsulting.egnyte.com/h-s/20120118/077e07ba18c74413
How to use:
- Apply desired settings on a Windows 7 test machine, using the gpedit.msc MMC snap-in.
- Run the “ImportRegPol.exe” with the /parseonly and /log to pull settings and save to a specified LOG file.
User settings and machine settings need to be captured separately:
Capture User Example
ImportRegPol.exe /u C:\Windows\System32\GroupPolicy\User\registry.pol /parseonly /log <PathToSettingsFile>.log
Capture Machine Settings Example:
ImportRegPol.exe /m C:\Windows\System32\GroupPolicy\Machine\registry.pol /parseonly /log <PathToSettingsFile>.log - Use the Apply_LGPO_Delta.exe utility to apply the settings silently. On restart the settings will take effect.
Apply_LGPO_Delta.exe <PathToSettingsFile>.log /log <PathToLogFile>.log - This can easily be added to an SCCM or MDT Task Sequence and tied to logic to ensure the correct settings get pushed to the appropriate target systems/users.
Command Line help for LGPO Tools:
Apply_LGPO_Delta.exe inputfile0 [inputfile1 ...] [/log LogFile] [/error ErrorLogFile] [/boot]
inputfileN One or more input files specifying the changes to make. Input files must be security template files, or registry-based policy files using a custom file format described below. Apply_LGPO_Delta automatically determines whether a file is a custom policy file or a security template. Security templates can be created using the “Security Templates” MMC snap-in.
/log LogFile Writes detailed results to a log file. If this option is not specified, output is not logged nor displayed.
/error ErrorLogFile Writes error information to a log file. If this option is not specified, error information is displayed in a message box dialog.
/boot Reboots the computer when done.
ImportRegPol.exe –m|-u path\registry.pol [/parseOnly] [/log LogFile] [/error ErrorLogFile] [/boot]
-m path\registry.pol [for Computer configuration] or
-u path\registry.pol [for User configuration]
Path\registry.pol specifies the absolute or relative path to the input registry policy file (which does not need to be named “registry.pol”).
/parseOnly Reads and validates the input file but does not make changes to local group policy. In conjunction with the /log option, can be used to convert a registry policy file to an input file for Apply_LGPO_Delta.
/log LogFile Writes detailed results to a log file. If this option is not specified, output is not logged nor displayed. The logged results for the registry policy settings can be used as input for Apply_LGPO_Delta.
/error ErrorLogFile Writes error information to a log file. If this option is not specified, error information is displayed in a message box dialog.
/boot Reboots the computer when done.
相关文章
- flask_socket_io中报错RuntimeError: You need to use the eventlet server. See the Deployment section of the documentation for more information.的解决办法
- eclipse报错:Failed to load the JNI shared library
- undefined reference to `__isnan'
- [MyBatis]问题:ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
- hdu1800 Flying to the Mars(字典树)
- error: exportArchive: You don’t have permission to save the file “HelloWorld.ipa” in the folder “HelloWorld”.
- The Definitive Guide To Django 2 学习笔记(一) Views and UrL confsRL
- Gitlab - 解决添加webhook提示Url is blocked: Requests to the local network are not allowed的问题
- Docker - 解决 docker push 上传镜像报:denied: requested access to the resource is denied 的问题
- Introduction to the Trusted Services Project
- Unable to access the IIS metabase.You do not have sufficient privilege
- How to Install and Configure Zabbix on Ubuntu 16.04
- vue cli3.0创项目报错‘This may cause things to work incorrectly. Make sure to use the same version for b’
- Try: Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get m
- After updating Android Studio to version 1.3.0 I am getting “NDK integration is deprecated in the current plugin” Error
- PcfTranslator - Translate AVEVA PDMS to PCF
- PDMS RVM TO 3DXML - RvmTranslator6.0
- 2019-11-6-Roslyn-how-to-use-WriteLinesToFile-to-write-the-semicolons-to-file
- [解决] Error Code: 1044. Access denied for user 'root'@'%' to database
- git学习------>"Agent admitted failure to sign using the key." 问题解决方法