Backup/Transfer Local Group Policy (User)

OS: Windows 10 Pro (version 2004)

I have been going crazy trying to figure out how to backup and transfer a user group-only policy without using a domain. I need to be able to setup a policy for non-administrators and use all the same setting configurations on dozens of computers that are not networked together or using a domain with a central policy, it has to be local-only.

So I found a program by Microsoft called LGPO which backs up a local group policy and allows you to import it onto another computer but I have to verify it does not backup the SID, because some day these machines will be on the same network which is why I bare metal cloned a sysprepped base image before trying to apply this policy.

The problem I am running into is that when I make changes to the "User Configuration" in the group policy editor it affects the users in the Administrators group as if I was applying them to "Computer Configuration" because there is no way for me to specify which user groups I want the policy applied to.

I was going to try messing with Group Policy Management Console but its missing from Windows Administrative Tools in Windows 10 Pro. The other method I found was opening a console window (MMC) and adding snap-ins (Group Policy Object Editor). Then clicking browse under group policy object, selecting the users tab and select the group I want to apply the policy to. This generates a GPO (Local Computer\Non-Administrators Policy) that I can then make changes to the way I would in policy editor. This works, and if I run the command "gpupdate /boot" it applies this policy to only non-administrators. The thing is I can not export this object out of console, it only gives me an option to "export list" and if I run LGPO to back it up it does not work. I noticed after the policy is applied if I look in the group policy editor the settings are not reflected there under "User Configuration" which must be why LGPO is not backing up the non-administrators policy even after it has updated and is working correctly. I also tried to save the console and open it on another computer but the settings are not saved.

So I need to either figure out how to get LGPO to backup the non-administrators policy or figure out how to make changes to user groups within group policy editor. Seems like this is a feature of the Group Policy Management Console but I was not able to add it to Windows 10 Pro with the add/remove features method.



Please help!

Hello mate,

You might check the method used in the tutorial below to backup group policy settings to see if it may help for what you want.

Backup and Restore Local Group Policy Settings in Windows 10

I hope it will work for you.

Great news. You're most welcome.

No problem. Here you go: :

Backup_Local_Group_Policy.vbs

Restore_Local_Group_Policy.vbs

Code:

If WScript.Arguments.length =0 Then
  		
Set objShell = CreateObject("Shell.Application")
objShell.ShellExecute "wscript.exe", Chr(34) & WScript.ScriptFullName & Chr(34) & " Run", , "runas", 1 

Else 
Set oShell = WScript.CreateObject ("WScript.Shell")

oShell.run ("cmd.exe /c RD /S /Q %SystemRoot%\System32\GroupPolicy\Machine"),0

oShell.run ("cmd.exe /c RD /S /Q %SystemRoot%\System32\GroupPolicy\User"),0

oShell.run ("cmd.exe /c xcopy /c /e /h /i /q /y C:\ATECH\Local-Group-Policy-Backup\Machine %SystemRoot%\System32\GroupPolicy\Machine"),0

oShell.run ("cmd.exe /c xcopy /c /e /h /i /q /y C:\ATECH\Local-Group-Policy-Backup\User %SystemRoot%\System32\GroupPolicy\User"),0

oShell.run ("cmd.exe /c xcopy /c /e /h /i /q /y C:\ATECH\Local-Group-Policy-Backup\GroupPolicyUsers %SystemRoot%\System32\GroupPolicyUsers"),0

WScript.Sleep 2000

oShell.run "cmd.exe /k gpupdate /force"

End If