Looking for a How-To on applying Local Group Policies to offline images

Discussion in 'Windows 10' started by no1special, May 21, 2019.

  1. no1special

    no1special MDL Junior Member

    Jun 25, 2017
    51
    10
    0
  2. Thomas Dubreuil

    Thomas Dubreuil MDL Senior Member

    Aug 29, 2017
    304
    504
    10
    #2 Thomas Dubreuil, May 21, 2019
    Last edited: May 21, 2019
    There is no group policy on (untouched) iso. Everything is "not configured" by default.
    And changes you make to registry doesn't affect Group Policy.

    You have to choices:
    -either script: you run an install or post-install script with lgpo commands
    Basically you save policy settings as a text (that you can even edit in between) then re-create .pol from text and import to new system.
    For gpolicy security settings it's the same process, but with .cfg file (as well editable) and different commands (secedit).

    -you mount your Windows iso, open WIM image with 7zip and integrate your .pol files there (that you copy from an "online" system already set).
    I haven't tried with group policy security settings but might work the same way...
    Paths:
    C:\Windows\System32\GroupPolicy (.pol)
    C:\Windows\security (.sdb)

    ps lgpo commands are quite straightforward (I use the same link you posted) if you need more LGPO/secedit/GroupPolicy examples, you can find in my Optimization script.
    I struggled a bit with secedit so hope someone can find some use in it...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Thomas Dubreuil

    Thomas Dubreuil MDL Senior Member

    Aug 29, 2017
    304
    504
    10
    #4 Thomas Dubreuil, May 22, 2019
    Last edited: May 22, 2019
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...