Local Group Policy - Backup and Restore in Windows

How to Back Up and Restore Local Group Policy in Windows


information   Information
The Local Group Policy Editor is a Microsoft Management Console (MMC) snap-in that provides a single user interface through which all the Computer Configuration and User Configuration settings of Local Group Policy objects can be managed for your computer.

This tutorial will show you how to back up local group policy (GPO) settings in Windows, and restore to the same or any Windows computer.

You must be signed in as an administrator to be able to do the steps in this tutorial.

Note   Note
In Vista, the Local Group Policy Editor will only be available to back up and restore in the Business, Ultimate, and Enterpise editions.

In Windows 7, the Local Group Policy Editor will only be available to back up and restore in the Professional, Ultimate, and Enterpise editions.

In Windows 8, RT, and 8.1, the Local Group Policy Editor will only be available to back up and restore in the Pro and Enterpise editions.


By default, local group policy settings are saved in the two hidden folders below. This is what this tutorial will be backing up and restoring for you using a .vbs file.

(Computer Configuration)
%SystemRoot%\System32\GroupPolicy\Machine

(User Configuration)
%SystemRoot%\System32\GroupPolicy\User

(User/Group Specific GPOs Configuration)
%SystemRoot%\System32\GroupPolicyUsers

warning   Warning
This will not include security policies from the Computer Configuration and User Configuration -> Windows Settings -> Security Settings.


EXAMPLE: Local Group Policy Editor

Local_Group_Policy_Editor.jpg





OPTION ONE

To Back Up Local Group Policy Editor Settings



1. Click/tap on the Download button below to download the .vbs file below.

Backup_Local_Group_Policy.vbs

download


2. Save the .vbs file to your desktop, and run it.

3. If prompted, click/tap on Open.
NOTE: If you like, you can stop getting the Open prompt by unblocking the downloaded .vbs file.[/SIZE]

4. Click/tap on Yes (Windows 7/8) or Continue (Vista) for UAC prompt.

5. You will now have a Local-Group-Policy-Backup folder on your desktop that is the backup of the local group policies on this PC.

6. Move this folder to where you like for safe keeping.
NOTE: Do not rename this folder since it must remain the exact same name to be able to use it in OPTION TWO below to restore them with.





OPTION TWO

To Restore Local Group Policy Editor Settings



1. Move or copy the Local-Group-Policy-Backup folder created from OPTION ONE above to your desktop.

2. Click/tap on the Download button below to download the .vbs file below.

Restore_Local_Group_Policy.vbs

download


3. Save the .vbs file to your desktop, and run it.

4. If prompted, click/tap on Open.
NOTE: If you like, you can stop getting the Open prompt by unblocking the downloaded .vbs file.

5. Click/tap on Yes (Windows 7/8) or Continue (Vista) for UAC prompt.

6. When both Computer and User policy update has completed successfully, you can close the command prompt. (see screenshot below)

Successful_Command.jpg


That's it,
Shawn


 

Attachments

  • Restore_Local_Group_Policy.vbs
    1.1 KB · Views: 3,717
  • Backup_Local_Group_Policy.vbs
    15.8 KB · Views: 1,510
  • Local_Group_Policy_Editor.png
    Local_Group_Policy_Editor.png
    1.1 KB · Views: 398
Last edited:
Hi.
For some reason I could not get it to work.

Backup:
Logged into Win 8.1 on computer 1 as admin user.
I copied the backup vbs-file to the desktop.
I ran the backup vbs-file by right click and open with command line.
I looked into the folder and it was not much files there.

I have locked the local group policy to a specific user called Kiosk.
I could not see anything in the copied user folder (even with all hidden files showing).
Checked the original folder (user) in in the win32 folder.
I could not see any file there in the user folder either.

Can anyone post a screenshots of the content for a spesific user.
I do not know whats wrong. :shock:

Update:
Î tried the neighbour folder GroupPolicyUsers and copied the content.
Noticed the folder names was filled with numbers.
And they were different.
Copied the content from the newest folder to the oldest folder.
Still no luck.

Yeah... :confused:

Update2:
Blah, I seem to have done it...

On the computer you want to import to:
Login as admin.
Win key + R
Type "mmc"
Add new snapin module -> Local policy
Lock mit to user ("Kiosk" user in my example).
Save mmc file to desktop.
Navigate to system32 in Windows folder.
Find the hidden folder GroupPolicyUsers.
Check that another hidden folder with many characters exits.
Copy the content from the similar folder on another computer to this folder.
Overwrite all files.
Run a gpupdate /force on the admin commandline.
I needed to restart twice then it was good.

Blah, going home to relax and watch some Netflix... ;)
 
Last edited:

My Computer

System One

  • OS
    Win8.1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP Prodesk 600 G1
    Browser
    Opera/Firefox/IE
Hello Norway,

I've updated the .vbs files in the tutorial to help. Please download and try the new versions to see how they work for you now. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Hi.
Regarding this folder: %SystemRoot%\System32\GroupPolicyUsers
(User/Group Specific GPOs Configuration)

I tried to copy a folder in this folder.
It had a lot of numbers in it.
I pasted it in the "GroupPolicyUsers" folder on another computer.
And ran a gpupdate /force and a restart.
That did not work.
I came to think this was a unique folder name for that computer.
I ran MMC, added the snapin, connected to the user "Kiosk" which is a local computer account.
I saved a empty gpo profile and it then made a similar folder, but with a slight different name.
Copied all the content from the old folder to the new folder.
Ran a gpupdate /force and had to restart at least two times.
This time it worked.

So please be observant of this. :)
 
Last edited:

My Computer

System One

  • OS
    Win8.1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP Prodesk 600 G1
    Browser
    Opera/Firefox/IE
Great news Norway. Thank you for posting back with your results. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Thanks Shawn! Fixed a very messed up PC! Group Policy was successfully copied from a known good computer to a computer with a corrupted Local Group Policy and now works like a Champ. Much appreciated! Windows Update and Windows Defender are now working.
 

My Computer

System One

  • OS
    Windows 7 Ulitimate/ Windows 8 Pro/Win 10 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Self Build(s)
    CPU
    i7 3770k(several)
    Motherboard
    Asus
You're most welcome dprather. I'm glad it could help. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Brink, thanks for helping me to gain a basic understanding of Local Group Policy. I just wanted to share my experience using your method above to copy LGP from one computer to another.

Using these scripts to copy Local Group Policy from one Windows 7 Ultimate computer to another only partially worked. My policy had computer, user and group settings in it. Only the group settings were being applied. The computer and user settings were not being applied. 'gpresult /r' reported the reason as:

The following GPOs were not applied because they were filtered out
Local Group Policy
Filtering: Not Applied (Empty)

After doing some exhaustive investigation it appears that the gpt.ini file has some pertinent information about the policy.

https://technet.microsoft.com/en-us/library/cc978247.aspx

Also, I've read that Domain based GPOs will not be applied if the permissions are not set correctly ( How to Implement Group Policy Security Filtering :: Windows 2003 :: Articles & Tutorials :: WindowsNetworking.com ). The Local Group Policy Editor does not have an ACL editor so I saved the ACLs from the computer I setup the LGP on and restored them after copying the entire GroupPolicy and GroupPolicyUsers directories to the destination computer. You can forgo transferring ACLs if you are copying these directories via a NTFS formatted drive (the ACLs will be preserved). Unfortunately I must use a CD to install the LGP onto the destination computers so I have to do this to preserve the ACLs.

So to transfer LGP from one computer to another I did the following. First, I copied GroupPolicy and GroupPolicyUsers to %userprofile%\Desktop\Local-Group-Policy-Backup. This can be done via Windows Explorer or command line via xcopy ('xcopy /c /e /h /k /x /o /i /q /y %SystemRoot%\System32\GroupPolicy %userprofile%\Desktop\Local-Group-Policy-Backup\GroupPolicy'). Note, I copied the entire GroupPolicy directory not just the subdirectories as the Backup script above does. Second, I saved the ACLs of the GroupPolicy and GroupPolicyUsers directories and contents (files and subdirectories) using 'icacls "%userprofile%\Desktop\Local-Group-Policy-Backup\*" /save AclFile'. Third, I burned the Local-Group-Policy-Backup directory along with the AclFile onto a CD (one could use a removable drive or a network to copy the files directly). I then copied GroupPolicy and GroupPolicyUsers onto the destination computer. The ACLs were restored to the copied files/directories using 'icacls "%SystemRoot%\System32" /restore AclFile'. Finally, I ran 'gpupdate /force'. All of the LGP settings were applied. 'gpresult /r' was showing no policies "not applied".

I hope this helps others that may experience the same problems using Brink's method.
 
Last edited:

My Computer

System One

  • OS
    Windows 7 and Windows 10
Thank you for sharing Paul, and welcome to Eight Forums. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Back
Top