Utilities for Local Group Policy and IE Security Zones
Because of my work with the Federal Desktop Core Configuration, I’ve published a set of three utilities that manage Local Group Policy. The newest of these (ImportRegPol) parses registry.pol files and can convert their content to text. I’ve also created a utility to view and compare IE security zone settings that is particularly helpful on a system that has been locked down with Group Policy.
I also wrote a blog post on the FDCC blog describing compatibility problems caused by a widely-deployed registry hack that tries to prevent Autoplay.
Utility |
Description and Key Scenarios |
Applies full set of NIST FDCC settings into the Local Group Policy of a Windows XP or Windows Vista computer. Always applies Administrative Templates; FDCC security templates are optional. Current version not supported on versions of Windows other than XP and Vista (Win7 version to be created if/when NIST defines FDCC settings for Windows 7.) Intended for automated use; non-interactive. Intended as part of image building or image maintenance after deployment. Source code provided. |
|
Allows application of individual policy settings into the Local Group Policy of a Windows computer. These can include administrative template settings or security template settings. All input files are text-based, for ease of editing and customization. Intended for automated use; non-interactive. Designed to work in scenarios with Set_FDCC_LGPO. Primary purpose is to apply an organization’s variances from FDCC after running Set_FDCC_LGPO. Intended for same scenarios as Set_FDCC_LGPO. Source code provided. |
|
Reads a registry.pol file and then does one or both of the following: 1) Applies settings from the registry.pol file to the Computer or User Configuration settings in Local Group Policy on the current computer; 2) Writes out the settings to a text file in a format that can be consumed by Apply_LGPO_Delta. Intended for automated use; non-interactive. Intended as part of image building. Source code provided. |
|
GUI program to graphically display and compare two collections of IE security zone settings (policies or preferences for each of the security zones), highlighting settings that differ between the collections. Useful for seeing what settings are in effect (on a locked down system, the Security tab of the IE Properties dialog is mostly disabled), for comparing differences between zones, and more. |
Comments
Anonymous
October 02, 2009
Nice, very useful. Thanks for sharing.Anonymous
May 11, 2010
You aren't by any chance working on a version of the set_fdcc_lgpo that works with XP 64bit are you? I have a feeling I know the answer already. It feels like more effort has gone into supporting the 64 bit versions of Server 2k3, Vista, 7 and Server 2k8.