Three thoughts:
1. You can always write the policy change as a .reg file and use regedit /s [name_of_file.reg[/i] and push the change through the logon scripts.
2. If you are changing the features of an .adm based GPO:
(based on comments by mdiglio, EE):
When you went through and changed your local group policies you were actually editing several files
some administrative templates (.adm) and one security temlpate (.inf)
the .inf file contains everything in security settings
the .adm contains the administrative templates
conf.adm
inetres.adm
system.adm
wmplayer.adm
(there may be more if you imported others)
There is a folder windows\system32\grouppolicy
this contains the .adm files and any login scripts you might have used.
Later we will copy this folder to the other machines and they will inherit these settings once you type gpupdate /force at the command prompt
Now for the security settings file (.inf) I can't think of a way to do this without renetering everything.
Heres what to do:
start | run...mmc
fil | add remove snap in .... add
scroll for "Security templates" click add...close.. OK
This snapin contains a set of predefined security configurations.
If you create and name a new one... make the changes you likeyou can now copy that file wherever you would like...easiest might be windows\system32\grouppolicy
To apply this on the new machines start | run...gpedit.msc
Expand 'computer configuration'...'Windows settings'...
right click "Security Settings" and choose import
This entire security setting section can also be done from the command line using secedit /export and secedit /configure
3. If only a local security policy contained in secpol, you can remotely run mmc on each machine. Make the policy change. Any secpol settings made for the Administrator account will be distibuted to all users of that workstation when they logon.
