Export a Local User Policy on Vista
I received an interesting question by mail the other day regarding my article about MLGPO on Windowsecurity.com. The question was whether it is possible to export a local policy assigned to a specific user to a user on another computer.
After scratching my head and researching a bit it seemed like nobody had a good answer for this and no GUI tool is apparently available - so I had to come up with something myself… This is the result:
The following undocumented - and probably unsupported - method worked for me:
On “Source Computer”:
1. Create/modify a local policy for the “Source User”
2. Go to “C:\Windows\System32\GroupPolicyUsers\” and locate the last modified policy folder
- the folder should be named with the SID (Security ID) of the “Source User”, e.g. “S-1-5-21-452792215-1268730067-2626448776-1108”
3. Copy the folder and content to the “Target Computer” into the same directory structure
On “Target Computer”:
1. Rename the newly copied folder to the SID of the “Target User” (the user who should receive the “exported” policy)
- how to find the SID of a local user?
2. Set NTFS permissions on the newly renamed folder to:
- SYSTEM = “Full Control”
- Administrators group = “Full Control”
- “Target User” = “Read & Execute”
3. Test a logon as the “Target User”; the policies should be correctly applied.
Done! Well, the procedure is a bit “odd”, but it could be scripted if required.
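One way to script the “Target Computer” steps, as an added example (not the author's script). The parameter names `-CopiedFolder` and `-TargetUser` are hypothetical, the script assumes an elevated PowerShell session, and it assumes the three entries in step 2 are meant to be the folder's complete ACL, so inherited entries are dropped.

```powershell
# Added example: target-side steps of the procedure above (run elevated).
# Hypothetical parameters: -CopiedFolder is the source-SID folder already copied
# into GroupPolicyUsers on this machine; -TargetUser is a local account name.
param(
    [Parameter(Mandatory = $true)][string]$CopiedFolder,
    [Parameter(Mandatory = $true)][string]$TargetUser
)
$ErrorActionPreference = 'Stop'

$policyRoot = Join-Path $env:SystemRoot 'System32\GroupPolicyUsers'
$source     = Join-Path $policyRoot $CopiedFolder
if (-not (Test-Path -Path $source -PathType Container)) {
    throw "Copied policy folder not found: $source"
}

# Resolve the local account name to its SID (the "how to find the SID" step).
$account = New-Object System.Security.Principal.NTAccount($env:COMPUTERNAME, $TargetUser)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])

# Refuse to overwrite a policy folder that already exists for the target user.
$target = Join-Path $policyRoot $sid.Value
if (Test-Path -Path $target) {
    throw "A policy folder already exists for $TargetUser ($($sid.Value))"
}
Rename-Item -Path $source -NewName $sid.Value

# Build the ACL from the list in step 2. Assumption: the list is the complete
# ACL, so inheritance is blocked and only these three entries remain.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$system  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')      # SYSTEM
$admins  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')  # Administrators

$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)   # block inheritance, drop inherited ACEs
foreach ($entry in @(@($system, 'FullControl'), @($admins, 'FullControl'), @($sid, 'ReadAndExecute'))) {
    $rights = [System.Security.AccessControl.FileSystemRights]$entry[1]
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($entry[0], $rights, $inherit, $noProp, $allow)
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $target -AclObject $acl

# Show the resulting entries so the permissions can be checked before the test logon.
(Get-Acl -Path $target).Access | Format-Table IdentityReference, FileSystemRights, IsInherited
```

Using the well-known SIDs for SYSTEM and Administrators instead of their names keeps the script working on localized Windows installations.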
Written by Jakob H. Heidelberg.