I received an interesting question by mail the other day regarding my article about MLGO on Windowsecurity.com. The question was, if it is possible to export a local policy assigned to a specific user to a user on another computer…?

After scratching my head and researching a bit it seemed like nobody had a good answer for this and no GUI tool is apparently available - so I had to come up with something myself… This is the result:

The following undocumented - and probably unsupported - method worked for me:

On “Source Computer”:
1. Create/modify a local policy for the “Source User”
2. Go to “C:\Windows\System32\GroupPolicyUsers\” and locate the last modified policy folder
- the folder should be named with the SID (Security ID) of the “Source User”, e.g. “S-1-5-21-452792215-1268730067-2626448776-1108″
3. Copy the folder and content to the “Target Computer” into the same directory structure

On “Target Computer”:
1. Rename the newly copied folder to the SID of the “Target User” (the user who should receive the “exported” policy)
- how to find the SID of a local user?
2. Set NTFS permissions on the newly renamed folder to:
- SYSTEM = “Full…