Jeff- Alan is on the right track here. The local GPO is generally held under %windir%\system32\grouppolicy, and Admin. Template policy settings are held in the registry.pol file under either the machine or user sub-folders in that directory. You can copy those files from machine to machine to replicate Admin. Template settings. The one thing to keep in mind is that there is a file in that local GPO folder called gpt.ini. It contains, among other things, a versionNumber key that is set to 0 on a new machine where the local GPO has never been touched. As long as that versionNumber remains 0, the local GPO is completely skipped during normal GP processing. If you copy a registry.pol file from one machine to the other then the version number on the target will not change (it only changes when you edit a GPO through the GP Editor). So, if the version # is 0, your copied settings may never get processed. So I would recommend incrementing that version on each target you copy the file to.
Darren -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, December 09, 2004 5:23 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] XP local policy I haven't really tried this, but my understanding is that the file C:\WINDOWS\system32 GroupPolicy\Machine\Registry.pol contains all of the registry settings set via GPEDIT for the admin templates. You should be able to back that up and copy it to another machine. You do need to be careful though because it may contain some other information such as Certificate Information etc. You can view it in Notepad to get an idea of what settings it contains. Alan Cuthbertson Policy Management Software:- http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml ADM Template Editor:- http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml Policy Log Reporter(Free) http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml ----- Original Message ----- From: "Cothern Jeff D. Team EITC" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, December 10, 2004 11:44 AM Subject: RE: [ActiveDir] XP local policy Not exactly what am looking for. I already have the security part of the local policy where I can import it. But I am talking about the options within the Administrative Templates which Secedit doesn't appear to deal with. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Free, Bob Sent: Thursday, December 09, 2004 7:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] XP local policy You probably want to look into secedit and the Security Configuration and Analysis tool set. Run secedit with no arguments and the help will pop up and explain the various concepts and processes. If you want to spend some cash, FullArmor has a product for LGPO's called GPAnywhere that looks pretty intriguing. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC Sent: Thursday, December 09, 2004 4:20 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] XP local policy Is there a way to backup a local policy on an xp workstation? To go along with that could I use that to import onto a machine I just created? Just trying to find a quicker way to do things for settings that have to be on the local policy and cant be set thru GPO. They are settings in the adm templates. Thanks Jeff List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
