LocalGPO not applying all GPOs exported from SCM GPO Backup
Hi, I'm trying to set a security baseline using SCM and the LocalGPO command line tool. Basically, I've installed SCM, and saved a backup of the baseline, and then run the cmd line tool. I get the following output. C:\Program Files (x86)\LocalGPO>LocalGPO.wsf /Path:C:\LocalGPO\{037d9a35-bf17-4c 80-b746-28935b301e61} Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. Modifying Local Policy... this process can take a few moments. Applied valid INF from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61} Applied valid Machine POL from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61 } No valid User POL to apply in C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61} Applied valid Audit Policy CSV from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b3 01e61} Local Policy Modified! Please restart the computer to refresh the Local Policy The machine is a domain member already, is this were I'm going wrong? I figured you could apply local GPO's to servers as long as the Domain GPO didn't override which is our case. Anyway, when I reboot the machine, some changes are applied, and some aren't. Can anyone help? Thanks
May 26th, 2010 4:01pm

Hi, Did you find the answer to this by any chance? Applied valid INF from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61} Applied valid Machine POL from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61 } No valid User POL to apply in C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b301e61} Applied valid Audit Policy CSV from C:\LocalGPO\{037d9a35-bf17-4c80-b746-28935b3 01e61} Local Policy Modified!
Free Windows Admin Tool Kit Click here and download it now
March 17th, 2011 4:27pm

Figured out the answer. The LocalGPO.wsf script that comes with SCM has an issue with spaces in the names of folders, and is not finding the Audit.csv file, nor the Security file. There is no user pol that gets created for some of the GPO's that get created by SCM, so you will not get that policy pushed. If you examine the folder structure of the GPO backup, you'll notice that there are folders that represent the different parts that are getting affected by the Policy. You'll see two folders "Machine" and "User" if there are both Machine policies and user policies that are being affected by the changes you've made within SCM. You'll also notice a folder underneath the Machine folder call microsoft, and within that a folder "windows nt". This folder is where the audit and Security database files live, under "Audit\audit.csv" and "SecEdit\GptTmpl.inf" This would be all fine and good and will work like a charm. If you make on change to the LocalGPO.wsf script as well as a change to the folder structure. You have to take the space out of that folder "windows nt", and change the references to it in the LocalGPO.wsf script accordingly. Line 554 strInfPath = strBackupGPOPath & "\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf" And line 557 strCsvPath = strBackupGPOPath & "\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\Audit.csv" Should be changed to strInfPath = strBackupGPOPath & "\DomainSysvol\GPO\Machine\microsoft\windowsnt\SecEdit\GptTmpl.inf" strCsvPath = strBackupGPOPath & "\DomainSysvol\GPO\Machine\microsoft\windowsnt\Audit\Audit.csv" Save the script, or do a save as to another name. Run the new name with the same variable /Path:Full path to GPO backup folder And you should see Audit and Security run successfully and all of the you wildest security dreams of pushing all of that out with a script come true. SMR
March 21st, 2011 11:49am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics