I have configured local Group Policy Objects on a Windows 10 Enterprise machine. After that, I exported these GPOs with the Microsoft tool
LGPO.exe /b [path]
This all works fine.
Now I used this GPO export to import it on a second installation (identical), like so:
LGPO.exe /g [path to export]
Everything seems to work as expected, there are no errors during the process.
After that, I updated the policies like
I can tell that some policies did in fact apply correctly, but some didn’t. After looking into
gpedit, I found that some of the policies regarding the "Security Template" did in fact not import (but some did). Why would this happen? I used the same technique before and it worked as far as I remember.
After further investigation into the LGPO export, I found that the settings regarding the Security Template are found in this file:
This file is structured like this:
[Unicode] ... [System Access] ... [Event Audit] ... [Registry Values] ... <-- These registry values listed here are not imported at all // some examples MACHINESoftwareMicrosoftWindows NTCurrentVersionSetupRecoveryConsoleSecurityLevel=4,0 MACHINESoftwareMicrosoftWindows NTCurrentVersionSetupRecoveryConsoleSetCommand=4,0 MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonAllocateCDRoms=1,"1" MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonAllocateDASD=1,"2" MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonAllocateFloppies=1,"1" MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonCachedLogonsCount=1,"1" MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonForceUnlockLogon=4,0 MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonPasswordExpiryWarning=4,7 MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonScRemoveOption=1,"1" MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemConsentPromptBehaviorAdmin=4,1 MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemConsentPromptBehaviorUser=4,1 MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableCAD=4,0 MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDontDisplayLastUserName=4,1 MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDontDisplayLockedUserId=4,1 [Privilege Rights] ... [Version] ...
So, how come that the list of settings stored in the "Registry Values" section does not import correctly?
I also tried to reinstall the second windows machine, but still not luck.