locked
How to Export Non-Administrators Local GPO for import on a different PC RRS feed

  • Question

  • How to export Non-Administrators Local Group Policy and import on another PC?

    All articles for exporting local GPO say to copy the C:\Windows\System32\GroupPolicy and C:\Windows\System32\GroupPolicyUsers folder to another PC however that only works for changes done to the "Local Computer" or "User" (if you alter the SIDs to match), respectively. It doesn't work to import Non-Admin Local GPO.

    There are several requests for this you can find when searching and no solutions provided.

    Tuesday, September 16, 2014 11:44 AM

Answers

  • I'll have to test with that. However, I did manage to make it work on my own.

    What I found is that this Non-Administrator's GPO is saved in the c:\Windows\System32\GroupPolicyUsers\S-1-5-32-545 folder but the S-1-5-32-545 folder doesn't always seem to generate automatically (yes, I had viewing hidden and system files enabled).

    An easy way to force the folder to appear is to go to the Windows Settings\Scripts\Logon policy of the non-admin GPO and select to add a script. Then click the Show Files button at the bottom of the Logon Properties window.

    A folder named S-1-5-32-545 will appear with a User folder in it and a registry.pol file in it. Copy the entire SID folder to the new PC.

    • Marked as answer by Travis040 Wednesday, September 17, 2014 8:31 PM
    Wednesday, September 17, 2014 8:31 PM

All replies

  • Hi,

    For manage local GPO, we could take use of the LocalGPO tool included in the SCM.

    LocalGPO allows you to manage the local group policy objects (LGPO) on non-domain joined computers. You can use LocalGPO to backup the LGPO from a stand-alone machine. You can also use it to apply the settings from a GPO backup to other computers, this includes GPO backups created by LocalGPO, SCM, or the Active Directory Domain Services GPO backups created with the Group Policy Management Console.

    Here is a good article talking about it:

    SCM v2 Beta: LocalGPO Rocks!

    And here is a thread for reference:

    Using LocalGPO.wsf for standalone PC's

    Best regards


    Michael Shao
    TechNet Community Support

    Wednesday, September 17, 2014 7:51 AM
  • I'll have to test with that. However, I did manage to make it work on my own.

    What I found is that this Non-Administrator's GPO is saved in the c:\Windows\System32\GroupPolicyUsers\S-1-5-32-545 folder but the S-1-5-32-545 folder doesn't always seem to generate automatically (yes, I had viewing hidden and system files enabled).

    An easy way to force the folder to appear is to go to the Windows Settings\Scripts\Logon policy of the non-admin GPO and select to add a script. Then click the Show Files button at the bottom of the Logon Properties window.

    A folder named S-1-5-32-545 will appear with a User folder in it and a registry.pol file in it. Copy the entire SID folder to the new PC.

    • Marked as answer by Travis040 Wednesday, September 17, 2014 8:31 PM
    Wednesday, September 17, 2014 8:31 PM
  • Hi,

    Thank your for your kindly sharing and update.

    If any more questions, please feel free to ask in TechNet.

    Best regards


    Michael Shao
    TechNet Community Support

    Thursday, September 18, 2014 1:49 AM
  • Thank you!!! I've been working on locking down new public systems for days. I stumbled across the instructions for the Non-Administrators GPO, but then couldn't figure out how to export/import between the other systems. Great work! I'd upvote your solution a few more times if I could!
    Thursday, September 3, 2015 7:04 PM
  • Thanks for this Travis! I have been locking down computers with the Non-Admin Group Policy and was looking for a way to copy it to existing PC's in an environment. This saved me a lot of work!
    Tuesday, July 5, 2016 11:49 AM