LGPO.exe - Local Group Policy Object Utility, v1.0

Published Jun 18 2019 01:14 PM 90.8K Views
Former Employee
First published on TechNet on Jan 21, 2016
LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM), and the Apply_LGPO_Delta and ImportRegPol tools.


  • Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced auditing CSV files.

  • Export local policy to a GPO backup.

  • Parse a Registry Policy (registry.pol) file to readable "LGPO text" directly to the console or redirected to a file which can edited and imported into local policy.

  • Build a new Registry Policy (registry.pol) file from "LGPO text".

  • Enable group policy client side extensions for local policy processing.

The zip file attached to this post includes LGPO.exe and full documentation. This is the command line syntax:

LGPO.exe v1.00 - Local Group Policy Object utility

LGPO.exe has four modes:
* Import and apply policy settings;
* Export local policy to a GPO backup;
* Parse a registry.pol file to "LGPO text" format;
* Build a registry.pol file from "LGPO text".

To apply policy settings:

LGPO.exe command [...]

where "command" is one or more of the following (each of which can be repeated):

/g path               import settings from one or more GPO backups under "path"
/m path\registry.pol  import settings from registry.pol into machine config
/u path\registry.pol  import settings from registry.pol into user config
/s path\GptTmpl.inf   apply security template
/a[c] path\Audit.csv  apply advanced auditing settings; /ac to clear policy first
/t path\lgpo.txt      apply registry commands from LGPO text
/e <name>|<guid>      enable GP extension for local policy processing; specify a
GUID, or one of these names:
* "zone" for IE zone mapping extension
* "mitigation" for mitigation options, including font blocking
* "audit" for advanced audit policy configuration
/boot                 reboot after applying policies
/v                    verbose output
/q                    quiet output (no headers)

To create a GPO backup from local policy:

LGPO.exe /b path [/n GPO-name]

/b path               Create GPO backup in "path"
/n GPO-name           Optional GPO display name (use quotes if it contains spaces)

To parse a Registry.pol file to LGPO text (stdout):

LGPO.exe /parse [/q] {/m|/u} path\registry.pol

/m path\registry.pol  parse registry.pol as machine config commands
/u path\registry.pol  parse registry.pol as user config commands
/q                    quiet output (no headers)

To build a Registry.pol file from LGPO text:

LGPO.exe /r path\lgpo.txt /w path\registry.pol [/v]

/r path\lgpo.txt      Read input from LGPO text file
/w path\registry.pol  Write new registry.pol file

(See the documentation for more information and examples.)

[Update: the latest version of LGPO.exe is here .]
Version history
Last update:
‎Jun 18 2019 01:14 PM
Updated by: