How to push Local Group Policy Settings for a specified Windows 7 User via a script.

By | August 2, 2013

With SCM’s (Microsoft Security Compliance Manager) LGPO.msi utility, it is very simple to capture and deploy policies created for the machine, Administrators group, and the Non-Administrators group. However, to deploy a LGPO profile assigned to a single user, no utility or automated method exist. This is solved with a simple powershell script. See the following tutorial.

1. In a VM (Virtual Machine), create the user and assign the desired LGPO settings with the gpedit.msc MMC.
2. Copy the content from the appropiate folder within the “C:\Windows\System32\GroupPolicyUsers\” directory. The folder will be named against the SID of the user.
3. Place the files in the “GP” folder within the following package and call a powershell script to create the SID folder name and copy the custom profile.

Link to example package:

/Brian G

Leave a Reply

Your email address will not be published. Required fields are marked *