import/export local computer policy? 1

[Auger282]

Hi,

These workstations are not connected by a domain they are out on their own.

I was looking for a way to control local computer policies without having a domain (or going computer to computer)

Creating one.. exporting.. and then importing to the workstations...

something like that.. but I dont see the options anywhere and I dont see anyting online

any ideas?

 

[JFBouchard]

Hi, use poledit to create your .POL policies file.

Create a share on one of the computer that will be accessible by all the others and point the following registry key to your .pol file:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update
UpdateMode=2 then create a string value named "NetworkPath" and enter the UNC path to your .pol file.

This will enforce your system policies on all the workstations and they will be centralized for easy management.

You can also copy your file on the workstation and give the local path in the "networkpath" value.


Hope this helps. Please let know if this resolve your issue

Jeff

 

[Auger282]

u mean gpedit?

 

[JFBouchard]

No, poledit.exe system policies and local group policies aren't the same but the result is the same.

System policies (.POL) is user and machine-based and LGPO (gpedit.msc) is only machine-based.

This tool is in the resource kit.



Hope this helps. Please let know if this resolve your issue

Jeff

 

[bcastner]

With poledit you have 72 registry objects you can configure. With gpedit you have 150 registry objects and 620 security objects you can configure.

With poledit you are tattooing the registry with your changes. These can be difficult to remove or revert.

http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prda_dcm_vwui.asp

http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prcf_omn_mvbr.asp

But you do not have a lot of choices in a Workgroup.

. You can use poledit as discussed above;
. You can copy .adm and .inf files from a centrally configured workstation:

When you change your local group policies you are actually editing several files, some administrative templates (.adm) and one security temlpate (.inf)

. the .inf file contains everything in security settings
. the .adm contains the administrative templates
conf.adm
inetres.adm
system.adm
wmplayer.adm

There is a folder windows\system32\GroupPolicy that contains the .adm files and any login scripts you might have created or edited.

You can copy this folder to the other machines and they will inherit these settings once you type gpupdate /force at the command prompt

. The security settings file (.inf) should be created new and handled as a seperate item.

Start, Run, MMC
File, add remove snap in, add
scroll for "Security templates" click add...close.. OK

This snapin contains a set of predefined security configurations. If you create and name a new one you can make the changes you want and then copy that file wherever you would like... the easiest might be windows\system32\GroupPolicy

To apply this on the new machines Start, Run, gpedit.msc

Expand 'Computer configuration','Windows settings'
Right click "Security Settings" and choose import

This entire security setting section can also be done from the command line using secedit /export and secedit /configure

. A third possibility is to use Doug Knox's XP Security Console Utility: thread779-685048

 

[Auger282]

bcas.. <3

 

[bcastner]

. You can use poledit as discussed above;
. You can copy .adm and .inf files from a centrally configured workstation:
. A third possibility is to use Doug Knox's XP Security Console Utility: Thread779-685048

3, no?