3

I would like to apply several group policies (for data protection purposes) on various Windows 10 machines from time to time. The target machines are running various Windows 10 versions (Home, EDU, Pro, ...). Therefore, I have a registry export file (.reg) containing the registry keys for the corresponding GPO settings. I distribute this file to the target machines and import it there. Until some time ago, these settings were applied after a reboot.

However, for some time (I can't tell you exactly) Windows seems to ignore this. When I import the registry file, the GPO change is not visible in the GPO editor and not applied. However, when I set the corresponding setting manually in the GPO editor, the registry key gets set.

I've tried to use "gpupdate /Force" already. However, it doesn't help.

How can I apply group policies using the registry?

Julian K

1 Answer

8

Fiddling with registry keys is not healthy for group policies. Instead, you should take a look at LGPO; this is a tool to export policy settings and import them. Then, Windows will create the appropriate registry keys.

Short description is available here: https://techcommunity.microsoft.com/t5/microsoft-security-baselines/lgpo-exe-local-group-policy-object-utility-v1-0/ba-p/701045

and the tool is available in lgpo.zip, part of the Security Compliance Toolkit, here: https://www.microsoft.com/en-us/download/details.aspx?id=55319

[...]Features

  • Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced auditing CSV files.

  • Export local policy to a GPO backup.

  • Parse a Registry Policy (registry.pol) file to readable "LGPO text" directly to the console or redirected to a file which can be edited and imported into local policy.

  • Build a new Registry Policy (registry.pol) file from "LGPO text".

  • Enable group policy client side extensions for local policy processing.

[...]

Basically, the idea is to set the policies you want on a computer, then run lgpo.exe /b <backup_path> and import this on another computer with lgpo /g <import_path>.

Swisstone
    You can also use LGPO to apply group policies from command line. No need to backup and import. You'd have to see the documentation on how this works. I don't have the parameter at hand. – Daniel Feb 01 '22 at 21:15
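
The backup-and-import procedure from the answer above, written out as an added PowerShell example that is not part of the original posts. The LGPO.exe location and the backup folder are assumed paths, and the final step uses LGPO's registry.pol parsing feature to show what was actually imported.

```powershell
# Added example: the two paths below are assumptions, adjust them to your environment.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Export', 'Import')]
    [string]$Mode,
    [string]$LgpoExe    = 'C:\Tools\LGPO\LGPO.exe',   # assumed location of the unpacked tool
    [string]$BackupRoot = 'C:\Tools\LGPO\Backup'      # assumed folder copied between machines
)

$ErrorActionPreference = 'Stop'

# LGPO reads and writes local policy, so it has to run elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}
if (-not (Test-Path -LiteralPath $LgpoExe -PathType Leaf)) {
    throw "LGPO.exe not found at $LgpoExe"
}

# Run LGPO.exe and treat a non-zero exit code as a failure.
function Invoke-Lgpo {
    param([string[]]$Arguments)
    & $LgpoExe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "LGPO.exe $($Arguments -join ' ') exited with code $LASTEXITCODE"
    }
}

switch ($Mode) {
    'Export' {
        # Reference machine: the policies were set by hand in the policy editor.
        New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
        Invoke-Lgpo -Arguments '/b', $BackupRoot
    }
    'Import' {
        # Target machine: import the GPO backup, then refresh policy.
        Invoke-Lgpo -Arguments '/g', $BackupRoot
        & gpupdate.exe /force
        # Print the machine policy file as readable LGPO text to confirm the import.
        $pol = Join-Path $env:SystemRoot 'System32\GroupPolicy\Machine\Registry.pol'
        if (Test-Path -LiteralPath $pol) {
            Invoke-Lgpo -Arguments '/parse', '/m', $pol
        }
    }
}
```

Run it with `-Mode Export` on the reference machine, copy the backup folder to each target, then run it there with `-Mode Import`.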