LGPO.exe – Local Group Policy Object Utility, v1.0

LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM), and the Apply_LGPO_Delta and ImportRegPol tools. Features: Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced…


Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

Microsoft has published its security guidance and baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.  If you have been reluctant to evaluate or deploy these technologies in the absence of specific USGCB guidance, NIST essentially says, “Use the vendor’s guidance.”  Here is the vendor’s guidance.  Please see these three new blog…


Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

Although the US Government has not published a US Government Configuration Baseline (USGCB) standard for Windows 8 or Windows 8.1, Microsoft has just published a beta release of Microsoft security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.  It includes documentation, GPOs, and scripts for installing the recommended settings to local group…


Set_FDCC_LGPO for Windows 7…

… is not needed and will not be created.  I had kind of blogged about this a while back but it was hidden under a more general title, so the question about Set_FDCC_LGPO on Windows 7 continues to get asked. This post offers another easy and flexible way for you to apply NIST’s GPOs and…



Along with the release of official government guidance for Windows 7, NIST has rebranded the Federal Desktop Core Configuration (FDCC) as the United States Government Configuration Baseline (USGCB).  NIST’s spreadsheets, Group Policy Objects (GPOs) and virtual hard disks (VHDs) for Windows 7 can be downloaded from http://usgcb.nist.gov.  From this point forward, “FDCC” is just a four-letter…


Sample Files for Apply_LGPO_Delta

Apply_LGPO_Delta used to come with a bunch of sample files to address some common needs for policy adjustment, as well as a batch file to run Set_FDCC_LGPO and Apply_LGPO_Delta in sequence.  Those samples inadvertently got omitted from an upload at one point.  I’ve updated those sample files and added some new ones.  They are attached…


Updated LGPO utility sources

The updated sources corresponding to the updated versions of the Apply_LGPO_Delta and ImportRegPol utilities are attached to this post. LGPO-Utilities-sources.zip


Apply_LGPO_Delta and ImportRegPol updated

I discovered an “unintended feature” in the Apply_LGPO_Delta and ImportRegPol utilities, which I have fixed in the versions now posted to the LGPO Utilities page.  The “feature” (OK, the “bug”) allowed commands to set a registry value and to delete that registry value not to overwrite each other in the resulting registry policy file. This…


Source code for New and Updated Local Group Policy utilities

Visual Studio 2008 source and project files for the new ImportRegPol utility and the updated Set_FDCC_LGPO and Apply_LGPO_Delta utilities for managing Local Group Policy Objects. Note that these are all now Visual Studio 2008 projects. [Update Jan 15 2010:  new versions released — see the LGPO Utilities page]


New and Updated Local Group Policy Utilities

A customer requested an addition to the local group policy toolset posted on the FDCC blog.  While working on the new utility, I needed to upgrade the other two.  The full set is attached to this post, with documentation.  The source code for all of them is attached to a separate post. The new utility,…