BillClark-1118 asked LimitlessTechnology-2700 answered

Windows 10 - Local Group Policy changes

We have several Windows 10 clients on our network that are not joined to our AD domain (and they need to stay this way). I'm modifying a few Computer policies (Windows Update settings) using GPEdit.msc on one of the clients, and before I copy the resulting c:\windows\system32\grouppolicy*.* to another similar client, I want to know if there is any SID or unique client information contained in the Local Group Policy that would be duplicated. While I want the same Windows Update settings applied, the clients need to keep their own unique identity.

Reza-Ameri answered Reza-Ameri commented

Have you considered using the Import-GPO command in PowerShell? You may use it to import a Group Policy object; take a look at:
https://docs.microsoft.com/en-us/powershell/module/grouppolicy/import-gpo
You may write a PowerShell command and execute it to import the GPO on clients.


Doesn't that tool apply to domain-based Group Policy? From what I know of Local Group Policy there isn't a mechanism to import/export parts of the whole of the local policy, but maybe I'm wrong?


There is another command which is for the domain and it is New-GPO, but the command I just shared is local, and if you checked the document I just shared, it is giving the address of the local drive instead of the domain.

MotoX80 answered

I used to support internet-exposed web servers which were in an isolated network. They were not allowed to be domain members. To configure those servers I used the Security Configuration and Analysis tool to define a template with audit policies, password policies, eventlog settings, etc. We had a .bat file that used secedit.exe to apply those settings to new servers. It also used reg.exe to import registry entries from .reg files.


https://petri.com/using-windows-server-2012-security-configuration-and-analysis-tool

LimitlessTechnology-2700 answered

Hi there,

I think the SID will not be duplicated in this scenario.
If you ask, is having multiple computers with the same machine SID a problem?
It’s not the SID that ultimately gates access to a computer, but an account’s user name and password: simply knowing the SID of an account on a remote system doesn’t allow you access to the computer or any resources on it.

The Machine SID Duplication Myth (and Why Sysprep Matters)
https://techcommunity.microsoft.com/t5/windows-blog-archive/the-machine-sid-duplication-myth-and-why-sysprep-matters/ba-p/723859



If the reply is helpful, please Upvote and Accept it as an answer
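
To check the question's concern directly, here is an added example (not code from any poster in this thread) that parses a Registry.pol file and reports SID-like strings in it. It assumes the registry-based settings edited in GPEdit.msc are stored in Machine\Registry.pol under the GroupPolicy folder, in the documented PReg version 1 layout; the sample bytes and the `Software\Policies\Example` value are constructed for illustration.

```python
import re
import struct

SID_RE = re.compile(r"S-1-5-21(?:-\d+){3,4}")  # machine- or domain-relative SIDs

def read_wstr(blob, pos):
    """Read a NUL-terminated UTF-16LE string and skip the ';' that follows it."""
    end = pos
    while blob[end:end + 2] not in (b"\x00\x00", b""):
        end += 2
    return blob[pos:end].decode("utf-16-le"), end + 4

def parse_registry_pol(blob):
    """Yield (key, value_name, reg_type, data) for each [key;value;type;size;data] entry."""
    if blob[:8] != b"PReg" + struct.pack("<I", 1):
        raise ValueError("missing PReg signature / version 1 header")
    pos = 8
    while pos < len(blob):
        if blob[pos:pos + 2] != b"[\x00":
            raise ValueError(f"expected '[' at offset {pos}")
        key, pos = read_wstr(blob, pos + 2)
        name, pos = read_wstr(blob, pos)
        reg_type, size = struct.unpack_from("<I2xI", blob, pos)  # 2x skips the ';'
        data = blob[pos + 12:pos + 12 + size]                    # after size and ';'
        pos += 12 + size + 2                                     # skip closing ']'
        yield key, name, reg_type, data

def find_sids(blob):
    """Return (key, value_name, sid) for SID-like text in keys, names or string data."""
    hits = []
    for key, name, reg_type, data in parse_registry_pol(blob):
        text = key + "\n" + name
        if reg_type in (1, 2, 7):  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ
            text += "\n" + data.decode("utf-16-le", errors="replace")
        hits += [(key, name, sid) for sid in SID_RE.findall(text)]
    return hits

def build_entry(key, name, reg_type, data):
    """Build one constructed Registry.pol entry for the sample below."""
    w = lambda s: s.encode("utf-16-le")
    return (w("[" + key + "\0;" + name + "\0;") + struct.pack("<I", reg_type) + w(";")
            + struct.pack("<I", len(data)) + w(";") + data + w("]"))

# Constructed sample: one Windows Update value, plus one made-up value holding a SID.
WU_KEY = r"Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
SAMPLE = (b"PReg" + struct.pack("<I", 1)
          + build_entry(WU_KEY, "AUOptions", 4, struct.pack("<I", 4))
          + build_entry(r"Software\Policies\Example", "Owner", 1,
                        "S-1-5-21-1111111111-2222222222-3333333333-1001\0".encode("utf-16-le")))
```

On a client, read the real file in binary mode and pass its bytes to `find_sids` before copying the folder; an empty list means no SID-like strings were found in that file.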
