Exporting GPO setting on Member Servers using Secedit not Working

Pinkal Ganjawala 1 Reputation point
2020-09-29T13:33:47.847+00:00

OS Windows server 2012 R2 Datacenter

I want to be able to export some Software Restriction Policies from the Local Security Policy. I am trying this on member server machines.

The command I am trying to run is:

In powershell run as administration
Cd c:\
Secedit /export /mergedpolicy /cfg outputdata /quiet

I open the outputdata and it has not exported anything... Just this...

[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Profile Description]
Description=Default Security Settings. (Windows Server)

I am a little stuck now... any help would be appreciated!

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,002 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,525 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,775 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vicky Wang 2,646 Reputation points
    2020-09-30T09:05:59.333+00:00

    Hi,@Pinkal Ganjawala

    The local group policy settings and security settings can be transferred in a couple of steps:

    1. Security Settings:

    Right click Security Settings in Local Group Policy Editor (Edit Group Policy) and select Export Policy... Save the .inf file and transfer to the machine you wish to use the same settings. On the new machine, open a command prompt and use the secedit command

    secedit /configure /db c:\windows\security\local.sdb /cfg {.\path\to.inf}

    Review any errors that come back, I was dealing with user accounts trying to be set for permissions that did not exist on the new machine.

    1. The rest of Local Group Policy

    Locate the %systemroot%\system32\grouppolicy\ hidden folder and copy the sub folders to the target machine in the same location.

    Open a command prompt and use

    gpupdate /force

    1. The remains

    For the miscellanous I was able to use powershell commands to add or edit registry keys:

    Add:

    New-Item -Path HKCU:\Software -Name hsg –Force

    Edit:

    PS C:> Push-Location

    PS C:> Set-Location HKCU:\Software\hsg

    PS HKCU:\Software\hsg> Set-ItemProperty . newproperty "mynewvalue"

    Hope this information can help you
    Best wishes
    Vicky

    0 comments