none
LocalGPO doesn't seem to do anything...? RRS feed

  • Question

  • OS: Windows 7 Pro, 32-bit, running under VMware Workstation

    I'm trying to work out how to get LocalGPO working so that I can define a bunch of local policies and then use the tools to apply those policies to multiple PCs.

    So what I did is tweak a bunch of group polices (to apply only to non-administrator users, following instructions at http://www.sevenforums.com/tutorials/101869-local-group-policies-apply-all-users-except-administrators.html). I then installed *just* the LocalGPO MSI and ran it to export:

    cscript LocalGPO.wsf /Export /Path:e:\gpos\ /gpopack

    and it created a long GUID-named directory full of a bunch of stuff.

    I then do a snapshot and revert to an earlier snapshot, prior to all my policy changes, where I try to import it.

    1. copy e:\gpos\ and all subdirectories to c:\gpos\ just in case it matters.
    2. Start -> All Programs -> LocalGPO -> "Run as Administrator" "LocalGPO Command-line"
    3. cscript LocalGPO.wsf /path:c:\gpos\{guid}
    4. Output:
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.
    
    
    Modifying Local Policy... this process can take a few moments.
    
    Applied valid INF from c:\gpos\{guid}
    Applied valid Machine POL from c:\gpos\{guid}
    Applied valid User Pol from c:\gpos\{guid}
    Applied vlaid Audit yPolicy CSV from c:\gpos\{guid}
    
    Local Policy Modified!
    
    Please restart the computer to refresh the Local Policy

    So I dutifully reboot, and try logging in as the non-admin user. No changes whatsoever. Everything is still unlocked and available. (The policy changes I made severely lock down non-admin users.)

    I also tried adding on "/mlgpo:users" and instead of those 4 "Applied valid..." lines, get a simple "users MLGPO... Modified!"

    But still no visible policy changes.

    I originally tried this with the "GPOPack" option, but running that has even less effect. Not even messages pretending to do something.

    Any suggestions?

    Thursday, February 21, 2013 6:22 AM

All replies

  • OK, I've resolved my issue.

    Apparently the right way to do this isn't to create policies that apply to only users then attempt to export that, because it doesn't work.

    What does work is creating policies that apply to everyone, export them, then use the mlgpo flag to apply to Users only on import.

    So far as I could tell from looking at files in the exported {guid} tree, nothing actually exported.

    By the way, the "compare" flag on the "empty" tree didn't work at all. First it failed because PowerScript couldn't run an unsigned script, then when I tried to run the compare again it failed with a VBScript error because something under the {guid} tree hadn't been cleaned up.

    And as a side note to that, I'm not very impressed by a "compare" function modifying stuff under the {guid} tree of stuff.

    I do, however, greatly appreciate this program. Now that I know how to go at what I need to do, it's going to do me a lot of good.

    Thursday, February 21, 2013 4:38 PM