LGPO.exe – Local Group Policy Object Utility

最新推荐文章于 2024-10-28 21:27:42 发布

allway2

最新推荐文章于 2024-10-28 21:27:42 发布

阅读量1.1k

点赞数

本文链接：https://blog.csdn.net/allway2/article/details/101288875

版权

LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM), and the Apply_LGPO_Delta and ImportRegPol tools.

Features:

Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced auditing CSV files.
Export local policy to a GPO backup.
Parse a Registry Policy (registry.pol) file to readable "LGPO text" directly to the console or redirected to a file which can edited and imported into local policy.
Build a new Registry Policy (registry.pol) file from "LGPO text".
Enable group policy client side extensions for local policy processing.

The zip file attached to this post includes LGPO.exe and full documentation. This is the command line syntax:

LGPO.exe v1.00 - Local Group Policy Object utility

LGPO.exe has four modes:
* Import and apply policy settings;
* Export local policy to a GPO backup;
* Parse a registry.pol file to "LGPO text" format;
* Build a registry.pol file from "LGPO text".

To apply policy settings:

LGPO.exe command [...]

where "command" is one or more of the following (each of which can be repeated):

    /g path               import settings from one or more GPO backups under "path"
    /m path\registry.pol import settings from registry.pol into machine config
    /u path\registry.pol import settings from registry.pol into user config
    /s path\GptTmpl.inf   apply security template
    /a[c] path\Audit.csv apply advanced auditing settings; /ac to clear policy first
    /t path\lgpo.txt      apply registry commands from LGPO text
    /e <name>|<guid>      enable GP extension for local policy processing; specify a
                          GUID, or one of these names:
                          * "zone" for IE zone mapping extension
                          * "mitigation" for mitigation options, including font blocking
                          * "audit" for advanced audit policy configuration
    /boot                 reboot after applying policies
    /v                    verbose output
    /q                    quiet output (no headers)

To create a GPO backup from local policy:

LGPO.exe /b path [/n GPO-name]

/b path Create GPO backup in "path"
/n GPO-name Optional GPO display name (use quotes if it contains spaces)

To parse a Registry.pol file to LGPO text (stdout):

LGPO.exe /parse [/q] {/m|/u} path\registry.pol

    /m path\registry.pol parse registry.pol as machine config commands
    /u path\registry.pol parse registry.pol as user config commands
    /q                    quiet output (no headers)

To build a Registry.pol file from LGPO text:

LGPO.exe /r path\lgpo.txt /w path\registry.pol [/v]

/r path\lgpo.txt Read input from LGPO text file
/w path\registry.pol Write new registry.pol file

(See the documentation for more information and examples.)

[Update: the latest version of LGPO.exe is here.]