LGPO.exe - Local Group Policy Object Utility, v1.0

LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM), and the Apply_LGPO_Delta and ImportRegPol tools.

Features:

  • Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced auditing CSV files.
  • Export local policy to a GPO backup.
  • Parse a Registry Policy (registry.pol) file to readable "LGPO text" directly to the console or redirected to a file which can edited and imported into local policy.
  • Build a new Registry Policy (registry.pol) file from "LGPO text".
  • Enable group policy client side extensions for local policy processing.

The zip file attached to this post includes LGPO.exe and full documentation. This is the command line syntax:

LGPO.exe v1.00 - Local Group Policy Object utility

LGPO.exe has four modes:
  * Import and apply policy settings;
  * Export local policy to a GPO backup;
  * Parse a registry.pol file to "LGPO text" format;
  * Build a registry.pol file from "LGPO text".

To apply policy settings:

    LGPO.exe command [...]

    where "command" is one or more of the following (each of which can be repeated):

    /g path               import settings from one or more GPO backups under "path"
    /m path\registry.pol  import settings from registry.pol into machine config
    /u path\registry.pol  import settings from registry.pol into user config
    /s path\GptTmpl.inf   apply security template
    /a[c] path\Audit.csv  apply advanced auditing settings; /ac to clear policy first
    /t path\lgpo.txt      apply registry commands from LGPO text
    /e <name>|<guid>      enable GP extension for local policy processing; specify a
                          GUID, or one of these names:
                          * "zone" for IE zone mapping extension
                          * "mitigation" for mitigation options, including font blocking
                          * "audit" for advanced audit policy configuration
    /boot                 reboot after applying policies
    /v                    verbose output
    /q                    quiet output (no headers)

To create a GPO backup from local policy:

    LGPO.exe /b path [/n GPO-name]

    /b path               Create GPO backup in "path"
    /n GPO-name           Optional GPO display name (use quotes if it contains spaces)

To parse a Registry.pol file to LGPO text (stdout):

    LGPO.exe /parse [/q] {/m|/u} path\registry.pol

    /m path\registry.pol  parse registry.pol as machine config commands
    /u path\registry.pol  parse registry.pol as user config commands
    /q                    quiet output (no headers)

To build a Registry.pol file from LGPO text:

    LGPO.exe /r path\lgpo.txt /w path\registry.pol [/v]

    /r path\lgpo.txt      Read input from LGPO text file
    /w path\registry.pol  Write new registry.pol file

(See the documentation for more information and examples.)

[Update: the latest version of LGPO.exe is here.]