LGPO.exe - Local Group Policy Object Utility, v1.0

Published Jun 18 2019 01:14 PM 66.4K Views
Former Employee
First published on TechNet on Jan 21, 2016
LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM), and the Apply_LGPO_Delta and ImportRegPol tools.

Features:

  • Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced auditing CSV files.

  • Export local policy to a GPO backup.

  • Parse a Registry Policy (registry.pol) file to readable "LGPO text" directly to the console or redirected to a file which can edited and imported into local policy.

  • Build a new Registry Policy (registry.pol) file from "LGPO text".

  • Enable group policy client side extensions for local policy processing.


The zip file attached to this post includes LGPO.exe and full documentation. This is the command line syntax:

LGPO.exe v1.00 - Local Group Policy Object utility

LGPO.exe has four modes:
* Import and apply policy settings;
* Export local policy to a GPO backup;
* Parse a registry.pol file to "LGPO text" format;
* Build a registry.pol file from "LGPO text".

To apply policy settings:

LGPO.exe command [...]

where "command" is one or more of the following (each of which can be repeated):

/g path               import settings from one or more GPO backups under "path"
/m path\registry.pol  import settings from registry.pol into machine config
/u path\registry.pol  import settings from registry.pol into user config
/s path\GptTmpl.inf   apply security template
/a[c] path\Audit.csv  apply advanced auditing settings; /ac to clear policy first
/t path\lgpo.txt      apply registry commands from LGPO text
/e <name>|<guid>      enable GP extension for local policy processing; specify a
GUID, or one of these names:
* "zone" for IE zone mapping extension
* "mitigation" for mitigation options, including font blocking
* "audit" for advanced audit policy configuration
/boot                 reboot after applying policies
/v                    verbose output
/q                    quiet output (no headers)

To create a GPO backup from local policy:

LGPO.exe /b path [/n GPO-name]

/b path               Create GPO backup in "path"
/n GPO-name           Optional GPO display name (use quotes if it contains spaces)

To parse a Registry.pol file to LGPO text (stdout):

LGPO.exe /parse [/q] {/m|/u} path\registry.pol

/m path\registry.pol  parse registry.pol as machine config commands
/u path\registry.pol  parse registry.pol as user config commands
/q                    quiet output (no headers)

To build a Registry.pol file from LGPO text:

LGPO.exe /r path\lgpo.txt /w path\registry.pol [/v]

/r path\lgpo.txt      Read input from LGPO text file
/w path\registry.pol  Write new registry.pol file

(See the documentation for more information and examples.)

[Update: the latest version of LGPO.exe is here .]
3 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-701045%22%20slang%3D%22en-US%22%3ELGPO.exe%20-%20Local%20Group%20Policy%20Object%20Utility%2C%20v1.0%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-701045%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3EFirst%20published%20on%20TechNet%20on%20Jan%2021%2C%202016%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20LGPO.exe%20is%20a%20new%20command-line%20utility%20to%26nbsp%3Bautomate%20the%20management%20of%26nbsp%3Blocal%20group%20policy.%20It%20replaces%20the%20no-longer-maintained%20LocalGPO%20tool%20that%20shipped%26nbsp%3Bwith%20the%20Security%20Compliance%20Manager%20(SCM)%2C%20and%20the%20Apply_LGPO_Delta%20and%20ImportRegPol%20tools.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Features%3A%20%3CBR%20%2F%3E%3CUL%3E%3CBR%20%2F%3E%3CLI%3EImport%20settings%20into%20local%20group%20policy%20from%20GPO%20backups%20or%20from%20individual%20policy%20component%20files%2C%20including%20Registry%20Policy%20(registry.pol)%2C%20security%20templates%2C%20and%20advanced%20auditing%20CSV%20files.%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EExport%20local%20policy%20to%20a%20GPO%20backup.%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EParse%20a%20Registry%20Policy%20(registry.pol)%20file%20to%20readable%20%22LGPO%20text%22%20directly%20to%20the%20console%20or%20redirected%20to%20a%20file%20which%20can%20edited%20and%20imported%20into%20local%20policy.%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EBuild%20a%20new%20Registry%20Policy%20(registry.pol)%20file%20from%20%22LGPO%20text%22.%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EEnable%20group%20policy%20client%20side%20extensions%20for%20local%20policy%20processing.%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FUL%3E%3CBR%20%2F%3E%20The%20zip%20file%20attached%20to%20this%20post%20includes%20LGPO.exe%20and%20full%20documentation.%20This%20is%20the%20command%20line%20syntax%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20LGPO.exe%20v1.00%20-%20Local%20Group%20Policy%20Object%20utility%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20LGPO.exe%20has%20four%20modes%3A%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20*%20Import%20and%20apply%20policy%20settings%3B%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20*%20Export%20local%20policy%20to%20a%20GPO%20backup%3B%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20*%20Parse%20a%20registry.pol%20file%20to%20%22LGPO%20text%22%20format%3B%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20*%20Build%20a%20registry.pol%20file%20from%20%22LGPO%20text%22.%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3ETo%20apply%20policy%20settings%3A%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20LGPO.exe%20command%20%5B...%5D%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20where%20%22command%22%20is%20one%20or%20more%20of%20the%20following%20(each%20of%20which%20can%20be%20repeated)%3A%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fg%20path%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20import%20settings%20from%20one%20or%20more%20GPO%20backups%20under%20%22path%22%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fm%20path%5Cregistry.pol%26nbsp%3B%20import%20settings%20from%20registry.pol%20into%20machine%20config%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fu%20path%5Cregistry.pol%26nbsp%3B%20import%20settings%20from%20registry.pol%20into%20user%20config%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fs%20path%5CGptTmpl.inf%26nbsp%3B%26nbsp%3B%20apply%20security%20template%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fa%5Bc%5D%20path%5CAudit.csv%26nbsp%3B%20apply%20advanced%20auditing%20settings%3B%20%2Fac%20to%20clear%20policy%20first%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Ft%20path%5Clgpo.txt%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20apply%20registry%20commands%20from%20LGPO%20text%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fe%20%3CNAME%3E%7C%3CGUID%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20enable%20GP%20extension%20for%20local%20policy%20processing%3B%20specify%20a%20%3C%2FGUID%3E%3C%2FNAME%3E%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20GUID%2C%20or%20one%20of%20these%20names%3A%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20*%20%22zone%22%20for%20IE%20zone%20mapping%20extension%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20*%20%22mitigation%22%20for%20mitigation%20options%2C%20including%20font%20blocking%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20*%20%22audit%22%20for%20advanced%20audit%20policy%20configuration%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fboot%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20reboot%20after%20applying%20policies%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fv%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20verbose%20output%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fq%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20quiet%20output%20(no%20headers)%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20To%20create%20a%20GPO%20backup%20from%20local%20policy%3A%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20LGPO.exe%20%2Fb%20path%20%5B%2Fn%20GPO-name%5D%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fb%20path%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Create%20GPO%20backup%20in%20%22path%22%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fn%20GPO-name%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Optional%20GPO%20display%20name%20(use%20quotes%20if%20it%20contains%20spaces)%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20To%20parse%20a%20Registry.pol%20file%20to%20LGPO%20text%20(stdout)%3A%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20LGPO.exe%20%2Fparse%20%5B%2Fq%5D%20%7B%2Fm%7C%2Fu%7D%20path%5Cregistry.pol%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fm%20path%5Cregistry.pol%26nbsp%3B%20parse%20registry.pol%20as%20machine%20config%20commands%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fu%20path%5Cregistry.pol%26nbsp%3B%20parse%20registry.pol%20as%20user%20config%20commands%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fq%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20quiet%20output%20(no%20headers)%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20To%20build%20a%20Registry.pol%20file%20from%20LGPO%20text%3A%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20LGPO.exe%20%2Fr%20path%5Clgpo.txt%20%2Fw%20path%5Cregistry.pol%20%5B%2Fv%5D%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fr%20path%5Clgpo.txt%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Read%20input%20from%20LGPO%20text%20file%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%2Fw%20path%5Cregistry.pol%26nbsp%3B%20Write%20new%20registry.pol%20file%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20(See%20the%20documentation%20for%20more%20information%20and%20examples.)%20%3C%2FSPAN%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%22%3E%20%5BUpdate%3A%20the%20latest%20version%20of%20LGPO.exe%20is%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fdownload%2Fdetails.aspx%3Fid%3D55319%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20here%20%3C%2FA%3E%20.%5D%3C%2FSPAN%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-701045%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20TechNet%20on%20Jan%2021%2C%202016%20LGPO.%3C%2FLINGO-TEASER%3E
Version history
Last update:
‎Jun 18 2019 01:14 PM
Updated by: