 | |
| |
| 23 Mar 2011 | #1 |
| | Backup/Import Local Security Policy? Hello, new user so sorry if this has been brought up. I tried searching for the exact issue and found nothing, so I'm sorry if it's been discussed previously. I'm quite anal about my computer security and was wanting to apply the NSA's XP recommendations to Windows 7 where applicable. However I'm not sure how to backup the policy once I am done modifying it, and then import it to another computer/install. Can anyone help me out? Thanks in advance. |
My System Specs | |
| 23 Mar 2011 | #2 |
| | Technically local security policy is by definition "local" to that machine. You can try copying the contents of one machines' LGPO contents to another, but this isn't always going to work. I guess the question is, are all of the settings you are modifying in the local GPO policy? If so, they're all just registry settings, so figuring out which registry value each policy changes and to what data you'd like the value set means you can really do this with a .reg import of the settings. Unless you're modifying things like adding certificates or setting service configuration (both of which can be scripted using other tools, btw), anything in the Administrative tools section (and a lot of things in the other sections) are just registry values. |
| My System Specs |
| 23 Mar 2011 | #3 |
| | Right. However I've done this on Windows XP in the past with secedit. Just because It's local doesn't mean it can't be exported as a policy to be reapplied later. |
| My System Specs |
| . |
| |
| 23 Mar 2011 | #4 |
| | True, you could use secedit /export to export the current security settings on a system to a configuration database on Windows 7. However, this only gets things you can configure under the local security policy - it won't get anything under Windows Settings or Administrative Templates in gpedit, so if you want those settings, you have to live with manually copying \Windows\System32\GroupPolicy to redistribute it (and hoping the gPCMachineExtensionNames GUIDs match on all machines), or apply registry settings for those settings instead from a .reg (but this doesn't enforce if changed later, of course, like policy would). You might be interested in looking into Microsoft's Security Compliance Manager (SCM) instead. http://technet.microsoft.com/en-us/l.../cc677002.aspx |
| My System Specs |
 |
Backup/Import Local Security Policy? problems?
| Thread Tools | |
| Similar help and support threads for: Backup/Import Local Security Policy? | ||||
| Thread | Forum | |||
| Local Security Policy problem | Network & Sharing | |||
| Local Security Policy Recommended Changes? | System Security | |||
| Customize Local Security Policy | Customization | |||
| Group Policy Editor or Local Security Policy | System Security | |||
| Cannot find local security policy | General Discussion | |||
All times are GMT -5. The time now is 10:22 PM.
