LGPO.exe (MS Security Compliance Toolkit)

Local Group Policy Object utility.

Syntax

   Apply policy settings:

      LGPO.exe command [...]

      where "command" is one or more of the following (each of which can be repeated):

       /g path               Import settings from one or more GPO backups under "path"
       /m path\registry.pol  Import settings from registry.pol into machine config
       /u path\registry.pol  Import settings from registry.pol into user config

       /s path\GptTmpl.inf   Apply security template.

       /a[c] path\Audit.csv  Apply an advanced auditing settings backup(CSV) file; /ac to clear policy first
                             With /ac, LGPO.exe clears existing Advanced Auditing settings before
                             applying the settings from the CSV file, and copies the file to the
                             local group policy subdirectory so that the settings appear in
                             the local group policy editor.

       /t path\lgpo.txt      Apply registry commands from LGPO text.

       /e name|guid          Enable GP extension for local policy processing; specify a GUID,
                             or one of these names:
                                 "zone"       for IE zone mapping extension
                                 "mitigation" for mitigation options, including font blocking
                                 "audit"      for advanced audit policy configuration

       /boot                 Reboot after applying policies
       /v                    Verbose output
       /q                    Quiet output (no headers)

   Create a GPO backup from local policy:

      LGPO.exe /b path [/n GPO-name]

        /b path              Create GPO backup in "path"
        /n GPO-name          Optional GPO display name (use quotes if it contains spaces)

   Parse a Registry.pol file to LGPO text (stdout):

      LGPO.exe /parse [/q] {/m|/u} path\registry.pol

       /m path\registry.pol  Parse registry.pol as machine config commands
       /u path\registry.pol  Parse registry.pol as user config commands
       /q                    Quiet output (no headers)

   Build a Registry.pol file from LGPO text:

      LGPO.exe /r path\lgpo.txt /w path\registry.pol [/v]

       /r path\lgpo.txt      Read input from LGPO text file
       /w path\registry.pol  Write new registry.pol file

Capture a backup before you apply the new settings.

File locations:

%Systemroot%\System32\GroupPolicy\
%Systemroot%\System32\GroupPolicyUsers\
C:\ProgramData\registry.pol

Examples

Export a Local Group Policy backup:

C:\> lgpo /b c:\gpobackups\

Import some previously saved Local Group Policy settings:

C:\> lgpo /g c:\gpobackups\

“The policy of being too cautious is the greatest risk of all” ~ Jawaharlal Nehru

Related:

LGPO v1.0 - Microsoft Security Guidance blog.
GPRESULT - Display Resultant Set of Policy information.
GPUPDATE - Update Group Policy settings.


Copyright © SS64.com 1999-2017
Some rights reserved