WARNING: TEST THIS FIRST! DON’T DO THIS ON PRODUCTION SYSTEMS WITHOUT TESTING
A new Win10 PC doesn’t have any policies set, so there isn’t a Registry.pol file in C:\Windows\System32\GroupPolicy\Machine or C:\Windows\System32\GroupPolicy\User.
If you want to reset a PC back to the OEM config with no policies, simply delete the Machine & User folders, then run GPUpdate.exe /force
PREP:
Here are the steps to create a backup of the policy change:
- Go to a clean PC, open GPEdit.msc, and manually make the policy changes that you want to automate
- Download LGPO.exe from here and copy it to the System32 directory: https://www.microsoft.com/en-us/download/details.aspx?id=55319
- Create C:\GPO folder (use any folder you want, I’m just using this folder in this tutorial)
- To make sure the changes are showing up in the Registry.pol file, run the following: LGPO.exe /parse /q /m C:\Windows\System32\GroupPolicy\Machine\Registry.pol
- If everything looks good, create a backup in a text file (same command as above) with an output: LGPO.exe /parse /q /m C:\Windows\System32\GroupPolicy\Machine\Registry.pol > NEW_POLICY.txt
- Edit the text file and remove any entries you don’t want changed on the other PCs
THE TOOLBOX:
Create a toolbox that drops LGPO.exe into the C:\Windows\System32 directory, and the NEW_POLICY.txt file to C:\GPO
Here’s the BAT script to create in the toolbox:
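REM Build Registry.pol from the edited policy text and write it to the machine policy folder
lgpo.exe /r C:\GPO\NEW_POLICY.txt /w C:\Windows\System32\GroupPolicy\Machine\Registry.pol /v
REM Refresh policy so the new settings take effect
gpupdate /force
ipconfig /flushdns
REM Add any cleanup commands here to remove the files/folders you created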
Let me know if I missed anything.
Drew
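
The /w target in the BAT script above is the live machine Registry.pol, so a deployment can keep a copy of the previous file and check the result before refreshing policy. The PowerShell version below is an added example, not part of the original post; it reuses the post's LGPO.exe commands and paths, and the backup file name and the assumption that LGPO.exe returns a non-zero exit code on failure are mine.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Assumptions: LGPO.exe is in System32 and NEW_POLICY.txt is in C:\GPO, as in the post.
$ErrorActionPreference = 'Stop'

$lgpo    = Join-Path $env:SystemRoot 'System32\LGPO.exe'
$polFile = Join-Path $env:SystemRoot 'System32\GroupPolicy\Machine\Registry.pol'
$newText = 'C:\GPO\NEW_POLICY.txt'
$backup  = 'C:\GPO\Registry.pol.bak'   # hypothetical backup location

foreach ($p in $lgpo, $newText) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing required file: $p" }
}

# Keep only the meaningful lines of LGPO text (drop blanks and ';' comments).
function Get-PolicyLines([string[]]$Lines) {
    $Lines | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith(';') }
}

$want = @(Get-PolicyLines (Get-Content -LiteralPath $newText))
if ($want.Count -eq 0) { throw "$newText contains no policy entries" }

# A new PC has no Registry.pol, so rollback means "delete", not "restore".
$hadPolicy = Test-Path -LiteralPath $polFile
if ($hadPolicy) {
    Copy-Item -LiteralPath $polFile -Destination $backup -Force
} else {
    New-Item -ItemType Directory -Path (Split-Path $polFile) -Force | Out-Null
}

# Same command as the BAT script. Assumes non-zero exit code means failure.
& $lgpo /r $newText /w $polFile /v
if ($LASTEXITCODE -ne 0) {
    if ($hadPolicy) { Copy-Item -LiteralPath $backup -Destination $polFile -Force }
    elseif (Test-Path -LiteralPath $polFile) { Remove-Item -LiteralPath $polFile -Force }
    throw "LGPO.exe exited with code $LASTEXITCODE; previous state restored"
}

# Parse the new file back (same /parse command as the PREP steps) and compare.
$got  = @(Get-PolicyLines (& $lgpo /parse /q /m $polFile))
$diff = Compare-Object -ReferenceObject $want -DifferenceObject $got
if ($diff) {
    Write-Warning 'Registry.pol does not match NEW_POLICY.txt line for line:'
    $diff | Format-Table -AutoSize | Out-String | Write-Warning
}

gpupdate /force
```

The comparison is a line-level sanity check only; a mismatch is reported as a warning so that hand-edited formatting differences in NEW_POLICY.txt do not block the deployment.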