Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How tdo I copy/distribute Local Group Policy to all PCs...

Status
Not open for further replies.

xAOx

IS-IT--Management
Aug 15, 2006
40
US
Hello all,

I am editing local security policies here and would prefer not to edit each machine manually. How do I edit (gpedit.msc) and then export the policy, copy it, and then import it to other machines? I notice it has an Export option in the Actions menu but that exports only to a text file and doesn't seem useful for what I need.

Thanks.
 
When you went through and changed your local group policies you were actually editing several files: some administrative templates (.adm) and one security temlpate (.inf)

the .inf file contains everything in security settings
the .adm contains the administrative templates
conf.adm
inetres.adm
system.adm
wmplayer.adm
(there may be more if you imported others)

There is a folder windows\system32\group policy
this contains the .adm files and any login scripts you might have used.

Later we will copy this folder to the other machines and they will inherit these settings once you type gpupdate /force at the command prompt.

Now for the security settings file (.inf) I can't think of a way to do this without renetering everything.

Heres what to do:
start | run...mmc
file | add remove snap in .... add
scroll for "Security templates" click add...close.. OK

This snapin contains a set of predefined security configurations. If you create and name a new one... make the changes you like you can now copy that file wherever you would like...easiest might be windows\system32\grouppolicy

Now copy the \Windows\System32\GroupPolicy folder to the other machines, overwriting what is there. (You really need only the ADM subfolder, and the .inf file from above).

To set the security.inf and apply this on the new machines start | run...gpedit.msc
Expand 'computer configuration'...'Windows settings'...
right click "Security Settings" and choose import

-or-

This entire security setting section can also be done from the command line using secedit /export and secedit /configure





____________________________
Users Helping Users
 
Hmm ok let me see if I get this right,

If i choose to skip creating a new one and just edit the (default) predefined security configurations, can I then just:

1. Copy everything from \Windows\System32\GroupPolicy folder
2. Copy this folder to other machines (overwriting obviosuly)
3. Then on the machines start | run...gpedit.msc
Expand 'computer configuration'...'Windows settings'...
right click "Security Settings" and choose import and select the appropriate .inf file?

I think I got what you're saying, my only question is which file am I configuring -- "setup security", "securews", "rootsec" ?? Which one is gpedit.msc reading all of them?

Thanks....
 
So I was wrong about the steps? The links you provided are informative but seem more complicated then the 3 step process above.
 
Yes, fine.


____________________________
Users Helping Users
 
lol i'm not sure if that was an answer but thanks for your help bcastner!
 
I am just going to start>run>mmc
Add Security Template
New template --- "test1"
editing the configurations

then...
Going to another machine... opening up gpedit.msc
In Computer Configurations > Windows Settings > Security Settings
Right clicking on SS and Import Policy and selecting "test1.inf"

Will this work properly in terms of configuring the PC based on what test1.inf saves?
 
Yes.


____________________________
Users Helping Users
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top