Score:3

Force Windows 10 to load group policy from registry

za flag

I would like to apply several group policies (for data protection purposes) on various Windows 10 machines from time to time. The target machines are running with various Windows 10 version (Home, EDU, Pro, ...). Therefore, I have a registry export file (.reg) containing the registry keys for the corresponding GPO settings. I distribute this file to the target machines and import them there. Until some time ago, these settings have been applied after a reboot.

However, for some time (I can't tell you exactly) Windows seems to ignore this. When I import the registry file, the GPO change is not visible in the GPO editor and not applied. However, when I set the corresponding setting manually in the GPO editor, the registry key gets set.

I've tried to use "gpupdate /Force" already. However, it doesn't help.

How can I apply group policies using the registry?

Score:8
cn flag

Fiddling with registry keys is not healthy for group policies, instead, you should take a look at LGPO, this is a tool to export policy settings and import them. Then, Windows will create the appropriate registry keys.

Short description is available here: https://techcommunity.microsoft.com/t5/microsoft-security-baselines/lgpo-exe-local-group-policy-object-utility-v1-0/ba-p/701045

and the tool is available in lgpo.zip, part of the Security Compliance Toolkit, here: https://www.microsoft.com/en-us/download/details.aspx?id=55319

[...]Features

  • Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced auditing CSV files.

  • Export local policy to a GPO backup.

  • Parse a Registry Policy (registry.pol) file to readable "LGPO text" directly to the console or redirected to a file which can edited and imported into local policy.

  • Build a new Registry Policy (registry.pol) file from "LGPO text".

  • Enable group policy client side extensions for local policy processing.

[...]

Basically, the idea is to set the policies you want on a computer, then run lgpo.exe /b <backup_path> and import this on another computer lgpo /g <import_path>

Daniel avatar
in flag
You can also use LGPO to apply group policies from command line. No need to backup and import. You'd have to see the documentation on how this works. I don't have the parameter at hand.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.