Partager via


Apply_LGPO_Delta 1.0: utility to apply custom changes to Local Policy

[2009-04-15: Attachment removed. Bookmark this page for the latest versions of these utilities.]  

Apply_LGPO_Delta v1.0 is a non-interactive tool that is designed to help make automated changes to Local Group Policy. It can make changes to registry-based policy as well as apply security templates. The primary intended scenario is to apply custom changes to FDCC policies after having applied those policies to Local Group Policy using a tool such as Set_FDCC_LGPO.

The utility requires administrative rights, and runs only on Windows XP Service Pack 2 or higher, or Windows Vista (RTM or higher). If the utility is run without admin rights or on an unsupported platform, an error message is displayed in a message box dialog.

More information is available in the documentation (Apply_LGPO_Delta.htm) included in the zip file attached to this blog post. The zip file also includes the utility, a set of starter input files representing common requested changes, and a batch file demonstrating command line syntax and conditional execution following Set_FDCC_LGPO.

Source code in the form of a Visual Studio 2005 VC++ project is available here.

Comments

  • Anonymous
    January 01, 2003
    [Aaron Margosis] My apologies for delayed response.  At this point we haven't opted to post anything that claims to revert FDCC settings to defaults, because it is difficult to assure that you are getting 100% reversion to pre-application state.  This is especially true with the file ACL edits that FDCC applies on XP systems, as well as with security options. The way I personally prefer to work for all my development and testing purposes is to use virtual machine technology (such asVirtual PC, Virtual Server, or Hyper-V) with "undo disks".  This gives me guaranteed 100% reversion with no side effects from previous testing.  On physical (non-virtual) systems, I prefer just wiping/loading from a well-defined repeatable deployment image. For production systems, I don't understand why you would ever want to completely revert to defaults after applying FDCC settings.

  • Anonymous
    January 01, 2003
    PingBack from http://blogs.technet.com/fdcc/archive/2008/05/07/apply-lgpo-delta-1-0-source-code.aspx

  • Anonymous
    January 01, 2003
    Apply_LGPO_Delta, a utility for automating the management of local group policy, is updated with a minor fix to prevent sharing-violation errors. The set of "starter" files is also updated.

  • Anonymous
    January 01, 2003
    You could post it on another URL and then post the link here. I would be very interested in taking a look at and testing the files a little myself.

  • Anonymous
    January 01, 2003
    TO: rliepins, Would it be possible to see what your template and registry based files look like?  We are also working to customize the latest released Q3 version of FDCC and rollback some of the settings using the LGPO_Delta utility. Thanks, Singood

  • Anonymous
    January 01, 2003
    if you would like rliepins, attach the documents and send them to my public profile email, and I can upload them to some web space for you an post a link. Just be sure you give me permission to distribute them in the email, and I will post the link here.

  • Anonymous
    January 01, 2003
    I have been working on a set of template files to back out of all FDCC settings, mainly to see if it could be done, but also to provide for those instances where a computer needs to be 'reset to defaults' to make sure it isn't FDCC causing an issue. Anyway, for Windows XP, I needed to create both security templates and registry-based policy files.  The result is a pretty close cleansing of the settings, but there have been a few settings that I could not back out of, no matter if I used the registry based policy files to delete the registry entry (thus, supposedly making the control "not configured") or a security template to null the entry.  So far, no luck for this list of 6, which are part of the MSS added entries. If I could get more information on how to remove the registry entries, I would be most appreciative.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Attachments might be an option - although I don't readily see how to do so...maybe A. Margosis might chime in and assist with providing all of us the ability to check out the rollback templates that rliepins developed?

  • Anonymous
    January 01, 2003
    That is not the purpose, nor target market of the document proposed. It is simply for testing purposes. Also, no two applications are exactly the same. Looking at work someone else has done can help if a problem arises in the future with the FDCC (as many have already), and allow a quicker solution than having to wipe a system and re-image. While most tools on this website are offered on the "AS-IS" basis, it had become my impression the objective of the forum was to offer better "understanding" through a variety of ways. Applying a different INF file and comparing would certainly help me as well as at least one other (Singood). [Aaron Margosis]  As I understood it, the request was for help composing scripts/templates to "undo" application of FDCC settings.  In my work I strive for results that are accurate and complete, and in this case that is difficult to achieve at best.  As I mentioned, IMHO there are better options.  Using virtual machines with "undo disks" is actually faster than running "undo" scripts and gives you much cleaner results.

  • Anonymous
    January 01, 2003
    I tried contacting him regarding attaching the templates, but have heard no response back.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Our Apply_LGPO_Delta application repeatedly produces the following error in the error log file:   Policy save failed; error code 0x80070020 The log file itself ends with the following:  ----Un-initialize configuration engine...  SECEDIT.EXE exited with exit code 3 Any clues?  It sounds similar to the errors the old version of Set_FDCC_LGPO was receiving. Any help would be most appreciated. [Aaron Margosis]  Apologies for the delay.  Apply_LGPO_Delta has now been updated with the same fix: http://blogs.technet.com/fdcc/pages/LGPO-Utilities.aspx

  • Anonymous
    January 01, 2003
    I would, but I am not sure if posting them here is the best place for this. Is the admin willing to allow for us to upload template files?