How to generate a custom LGPO based on FDCC

One of my customers requires additional security settings beyond the OMB-mandated Federal Desktop Core Configuration (FDCC) and I need to apply the settings as local policy during the MDT build process so that disconnected systems still get a baseline of policy.  So here’s the process I used to generate the policy objects and then apply…

1

Script to set Windows Vista audit policy

There’s probably a sexier way to do it, but the attached script (rename to .cmd) can be used to set Windows Vista SP1 audit policy using auditpol.  The current settings are based on the FDCC 2008 Q1 settings.  It must be run elevated.  I suggest using something like the following command line:CustomSetAuditPolicy-v2.cmd > C:\Windows\security\logs\CustomSetAuditPolicy.log 2>&1…

1