Backup/Import Local Security Policy?

P

PiriPiri

Banned
Local time
7:12 PM
Messages
4
Hello, new user so sorry if this has been brought up. I tried searching for the exact issue and found nothing, so I'm sorry if it's been discussed previously.

I'm quite anal about my computer security and was wanting to apply the NSA's XP recommendations to Windows 7 where applicable. However I'm not sure how to backup the policy once I am done modifying it, and then import it to another computer/install.

Can anyone help me out? Thanks in advance.
 
Last edited by a moderator:

My Computer

OS
Deleted
Technically local security policy is by definition "local" to that machine. You can try copying the contents of one machines' LGPO contents to another, but this isn't always going to work. I guess the question is, are all of the settings you are modifying in the local GPO policy? If so, they're all just registry settings, so figuring out which registry value each policy changes and to what data you'd like the value set means you can really do this with a .reg import of the settings. Unless you're modifying things like adding certificates or setting service configuration (both of which can be scripted using other tools, btw), anything in the Administrative tools section (and a lot of things in the other sections) are just registry values.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 10 Pro x64
CPU
Intel Core i7 4790K @ 4.5GHz
Motherboard
Asus Maximus Hero VII
Memory
32GB DDR3
Graphics Card(s)
Nvidia GeForce GTX970
Sound Card
Realtek HD Audio
Screen Resolution
1920x1200
Hard Drives
1x Samsung 250GB SSD
4x WD RE 2TB (RAIDZ)
PSU
Corsair AX760i
Case
Fractal Design Define R4
Cooling
Noctua NH-D15
Right. However I've done this on Windows XP in the past with secedit. Just because It's local doesn't mean it can't be exported as a policy to be reapplied later.
 
Last edited by a moderator:

My Computer

OS
Deleted
True, you could use secedit /export to export the current security settings on a system to a configuration database on Win7. However, this only gets things you can configure under the local security policy - it won't get anything under Windows Settings or Administrative Templates in gpedit, so if you want those settings, you have to live with manually copying \Windows\System32\GroupPolicy to redistribute it (and hoping the gPCMachineExtensionNames GUIDs match on all machines), or apply registry settings for those settings instead from a .reg (but this doesn't enforce if changed later, of course, like policy would).

You might be interested in looking into Microsoft's Security Compliance Manager (SCM) instead.
http://technet.microsoft.com/en-us/library/cc677002.aspx
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 10 Pro x64
CPU
Intel Core i7 4790K @ 4.5GHz
Motherboard
Asus Maximus Hero VII
Memory
32GB DDR3
Graphics Card(s)
Nvidia GeForce GTX970
Sound Card
Realtek HD Audio
Screen Resolution
1920x1200
Hard Drives
1x Samsung 250GB SSD
4x WD RE 2TB (RAIDZ)
PSU
Corsair AX760i
Case
Fractal Design Define R4
Cooling
Noctua NH-D15
You must log in or register to reply here.

Similar threads

Solved Need help with Group Policy Editor from IT pro
Replies
6
Views
2K
file3456
F
Diagnostic Policy Services not running - and won't run
Replies
6
Views
5K
Louiscar
L
Security baseline news for Microsoft Edge version 81
Replies
0
Views
1K
Brink
Brink
copy a local group policy from one computer into another computer
Replies
4
Views
3K
red99
R
Keyboard + mouse not functioning past BIOS following CPU+MB upgrade
2
Replies
27
Views
6K
kapqa
K
Back
Top