none
LocalGPO not applying all GPOs exported from SCM GPO Backup RRS feed

  • Question

  • Hi,

    I'm trying to set a security baseline using SCM and the LocalGPO command line tool.

    Basically, I've installed SCM, and saved a backup of the baseline, and then run the cmd line tool.

    I get the following output.

    C:\Program Files (x86)\LocalGPO>LocalGPO.wsf /Path:C:\LocalGPO\{037d9a35-bf17-4c
    80-b746-28935b301e61}
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.


    Modifying Local Policy... this process can take a few moments.

    Applied valid INF from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61}
    Applied valid Machine POL from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61
    }
    No valid User POL to apply in C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61}

    Applied valid Audit Policy CSV from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b3
    01e61}

    Local Policy Modified!


    Please restart the computer to refresh the Local Policy

    The machine is a domain member already, is this were I'm going wrong?

    I figured you could apply local GPO's to servers as long as the Domain GPO didn't override which is our case.

    Anyway, when I reboot the machine, some changes are applied, and some aren't.

    Can anyone help?

    Thanks

    Wednesday, May 26, 2010 1:01 PM

All replies

  • Hi,

    Did you find the answer to this by any chance?

     

    Applied valid INF from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61}
    Applied valid Machine POL from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61
    }
    No valid User POL to apply in C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61}

    Applied valid Audit Policy CSV from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b3
    01e61}

    Local Policy Modified!

    Thursday, March 17, 2011 8:18 PM
  • Figured out the answer.  The LocalGPO.wsf script that comes with SCM has an issue with spaces in the names of folders, and is not finding the Audit.csv file, nor the Security file.  There is no user pol that gets created for some of the GPO's that get created by SCM, so you will not get that policy pushed.

     

    If you examine the folder structure of the GPO backup, you'll notice that there are folders that represent the different parts that are getting affected by the Policy.  You'll see two folders "Machine" and "User" if there are both Machine policies and user policies that are being affected by the changes you've made within SCM.


    You'll also notice a folder underneath the Machine folder call microsoft, and within that a folder "windows nt".  This folder is where the audit and Security database files live, under "Audit\audit.csv" and "SecEdit\GptTmpl.inf"  This would be all fine and good and will work like a charm.  If you make on change to the LocalGPO.wsf script as well as a change to the folder structure.  You have to take the space out of that folder "windows nt", and change the references to it in the LocalGPO.wsf script accordingly.

     

    Line 554 

    strInfPath = strBackupGPOPath & "\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf"

     

    And line 557

     

    strCsvPath = strBackupGPOPath & "\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\Audit.csv"

     

    Should be changed to

    strInfPath = strBackupGPOPath & "\DomainSysvol\GPO\Machine\microsoft\windowsnt\SecEdit\GptTmpl.inf"

                strCsvPath = strBackupGPOPath & "\DomainSysvol\GPO\Machine\microsoft\windowsnt\Audit\Audit.csv"

     

    Save the script, or do a save as to another name.  Run the new name with the  same variable /Path:Full path to GPO backup folder

    And you should see Audit and Security run successfully and all of the you wildest security dreams of pushing all of that out with a script come true.  

    SMR

     

    Monday, March 21, 2011 3:47 PM
  • Sorry to revive such an old thread..but,

    Almost all my wildest dreams came true except that i still get a message "No valid User POL to apply in..." Has anyone resolved that warning/error or know what its caused by?

    Wednesday, October 16, 2013 7:13 PM