There is no group policy on (untouched) iso. Everything is "not configured" by default. And changes you make to registry doesn't affect Group Policy. You have to choices: -either script: you run an install or post-install script with lgpo commands Basically you save policy settings as a text (that you can even edit in between) then re-create .pol from text and import to new system. For gpolicy security settings it's the same process, but with .cfg file (as well editable) and different commands (secedit). -you mount your Windows iso, open WIM image with 7zip and integrate your .pol files there (that you copy from an "online" system already set). I haven't tried with group policy security settings but might work the same way... Paths: C:\Windows\System32\GroupPolicy (.pol) C:\Windows\security (.sdb) ps lgpo commands are quite straightforward (I use the same link you posted) if you need more LGPO/secedit/GroupPolicy examples, you can find in my Optimization script. I struggled a bit with secedit so hope someone can find some use in it...