Friday 28 September 2012

Backup and restore the Local GPO

In this post, I would like to introduce the method to backup and restore the Local GPO.
LOCALGPO, A handy tool to apply security setting to non-domain joined computers or Local GPO in your organization.
  1. You may download Security Compliance Manager (SCM) from Microsoft.
  2. Extract "Security_Compliance_Manager_Setup.exe" to a new folder A via 7zip or WinRAR.
  3. Extract the "data.cab" to a new folder B.
  4. In the new folder B, add the .msi extension to file named "LocalGPO"
  5. Install the new MSI Installer "LocalGPO.msi"
  6. Launch command-line here.cmd from C:\Program Files\LocalGPO on 32-bit systems or C:\Program Files (x86)\LocalGPO on 64-bit systems
image
Export Policy
cscript LocalGPO.wsf /Path:C:\GPObackups /Export
- Exports a GPO Backup based on the Local Policy configuration to a folder in the specified path.
clip_image002
-New GPO GUID folder was created
clip_image003
Import Policy
cscript LocalGPO.wsf /Path:C:\GPObackups\{GPO Backup GUID}
- Applies the contents of the GPO Backup stored in the specified path to the Local Policy of a Windows computer.
clip_image004
Create GPOPack to deploy via Microsoft Deployment Toolkit (MDT) or Microsoft System Center Configuration Manager (SCCM)
cscript LocalGPO.wsf /Path:C:\GPObackups /Export /GPOPack
- Creates a GPOPack and stores it in the specified path. GPOPacks can be copied to other computers, and applied by double-clicking GPOPack.wsf.
clip_image005
Copy the folder and double click GPOPack.wsf from other machine to apply the same policy.clip_image006
You may notice that you get a pop-up message when you run this command.
clip_image007
This can be suppressed by adding the “/silent” switch
Script to deploy via MDT and SCCM
GPOPack.wsf /silent
clip_image008
Restore Policy to default
cscript LocalGPO.wsf /Restore
- Restores the entire Local Policy to its default configuration.
clip_image009
It’s FREE!
You can get your hand on the LocalGPO tool right now as part of the Microsoft Security Compliance Manager

Update 18/10/2012
Download LocalGPO.msi

1 comment:

  1. Is it possible to import a GPO pack and not overwrite the existing polices on the machine?

    ReplyDelete