Local Group Policy - Backup and Restore in Windows

How to Back Up and Restore Local Group Policy in Windows​

   Information

The Local Group Policy Editor is a Microsoft Management Console (MMC) snap-in that provides a single user interface through which all the Computer Configuration and User Configuration settings of Local Group Policy objects can be managed for your computer.

This tutorial will show you how to back up local group policy (GPO) settings in Windows, and restore to the same or any Windows computer.

You must be signed in as an administrator to be able to do the steps in this tutorial.

   Note

In Vista, the Local Group Policy Editor will only be available to back up and restore in the Business, Ultimate, and Enterpise editions.

In Windows 7, the Local Group Policy Editor will only be available to back up and restore in the Professional, Ultimate, and Enterpise editions.

In Windows 8, RT, and 8.1, the Local Group Policy Editor will only be available to back up and restore in the Pro and Enterpise editions.

By default, local group policy settings are saved in the two hidden folders below. This is what this tutorial will be backing up and restoring for you using a .vbs file.

(Computer Configuration)
%SystemRoot%\System32\GroupPolicy\Machine

(User Configuration)
%SystemRoot%\System32\GroupPolicy\User

(User/Group Specific GPOs Configuration)
%SystemRoot%\System32\GroupPolicyUsers

   Warning

This will not include security policies from the Computer Configuration and User Configuration -> Windows Settings -> Security Settings.

EXAMPLE: Local Group Policy Editor

OPTION ONE

To Back Up Local Group Policy Editor Settings

1. Click/tap on the Download button below to download the .vbs file below.

Backup_Local_Group_Policy.vbs




2. Save the .vbs file to your desktop, and run it.

3. If prompted, click/tap on Open.
NOTE: If you like, you can stop getting the Open prompt by unblocking the downloaded .vbs file.[/SIZE]

4. Click/tap on Yes (Windows 7/8) or Continue (Vista) for UAC prompt.

5. You will now have a Local-Group-Policy-Backup folder on your desktop that is the backup of the local group policies on this PC.

6. Move this folder to where you like for safe keeping.
NOTE: Do not rename this folder since it must remain the exact same name to be able to use it in OPTION TWO below to restore them with.

OPTION TWO

To Restore Local Group Policy Editor Settings

1. Move or copy the Local-Group-Policy-Backup folder created from OPTION ONE above to your desktop.

2. Click/tap on the Download button below to download the .vbs file below.

Restore_Local_Group_Policy.vbs




3. Save the .vbs file to your desktop, and run it.

4. If prompted, click/tap on Open.
NOTE: If you like, you can stop getting the Open prompt by unblocking the downloaded .vbs file.

5. Click/tap on Yes (Windows 7/8) or Continue (Vista) for UAC prompt.

6. When both Computer and User policy update has completed successfully, you can close the command prompt. (see screenshot below)




That's it,
Shawn

Related Tutorials

---

• How to Open the Local Group Policy Editor in Vista
• How to Open Local Group Policy Editor in Windows 7 and Windows 8
• How to Reset Local Group Policy to Default in Windows
• How to Quickly View Enabled Group Policies in Windows
• How to Apply Local Group Policies to All Users Except Administrators
• How to Apply Local Group Policies to a Specific User or Group in Windows
• How to Force Group Policy Updates to be Applied Instantly in Windows
• How to Add "Local Group Policy Editor" to Control Panel in Windows

 

[nissimezra]

awesome

 

[norway2015]

Hi.
For some reason I could not get it to work.

Backup:
Logged into Win 8.1 on computer 1 as admin user.
I copied the backup vbs-file to the desktop.
I ran the backup vbs-file by right click and open with command line.
I looked into the folder and it was not much files there.

I have locked the local group policy to a specific user called Kiosk.
I could not see anything in the copied user folder (even with all hidden files showing).
Checked the original folder (user) in in the win32 folder.
I could not see any file there in the user folder either.

Can anyone post a screenshots of the content for a spesific user.
I do not know whats wrong. :shock:

Update:
Î tried the neighbour folder GroupPolicyUsers and copied the content.
Noticed the folder names was filled with numbers.
And they were different.
Copied the content from the newest folder to the oldest folder.
Still no luck.

Yeah...

Update2:
Blah, I seem to have done it...

On the computer you want to import to:
Login as admin.
Win key + R
Type "mmc"
Add new snapin module -> Local policy
Lock mit to user ("Kiosk" user in my example).
Save mmc file to desktop.
Navigate to system32 in Windows folder.
Find the hidden folder GroupPolicyUsers.
Check that another hidden folder with many characters exits.
Copy the content from the similar folder on another computer to this folder.
Overwrite all files.
Run a gpupdate /force on the admin commandline.
I needed to restart twice then it was good.

Blah, going home to relax and watch some Netflix...

 

[Brink]

Hello Norway,

I've updated the .vbs files in the tutorial to help. Please download and try the new versions to see how they work for you now.

 

[norway2015]

Hi.
Regarding this folder: %SystemRoot%\System32\GroupPolicyUsers
(User/Group Specific GPOs Configuration)

I tried to copy a folder in this folder.
It had a lot of numbers in it.
I pasted it in the "GroupPolicyUsers" folder on another computer.
And ran a gpupdate /force and a restart.
That did not work.
I came to think this was a unique folder name for that computer.
I ran MMC, added the snapin, connected to the user "Kiosk" which is a local computer account.
I saved a empty gpo profile and it then made a similar folder, but with a slight different name.
Copied all the content from the old folder to the new folder.
Ran a gpupdate /force and had to restart at least two times.
This time it worked.

So please be observant of this.

 

[Brink]

Great news Norway. Thank you for posting back with your results.

 

[dprather]

Thanks Shawn! Fixed a very messed up PC! Group Policy was successfully copied from a known good computer to a computer with a corrupted Local Group Policy and now works like a Champ. Much appreciated! Windows Update and Windows Defender are now working.

 

[Brink]

You're most welcome dprather. I'm glad it could help.

 

[PaulAV]

Brink, thanks for helping me to gain a basic understanding of Local Group Policy. I just wanted to share my experience using your method above to copy LGP from one computer to another.

Using these scripts to copy Local Group Policy from one Windows 7 Ultimate computer to another only partially worked. My policy had computer, user and group settings in it. Only the group settings were being applied. The computer and user settings were not being applied. 'gpresult /r' reported the reason as:

The following GPOs were not applied because they were filtered out

Local Group Policy​

Filtering: Not Applied (Empty)​

After doing some exhaustive investigation it appears that the gpt.ini file has some pertinent information about the policy.

https://technet.microsoft.com/en-us/library/cc978247.aspx

Also, I've read that Domain based GPOs will not be applied if the permissions are not set correctly ( How to Implement Group Policy Security Filtering :: Windows 2003 :: Articles & Tutorials :: WindowsNetworking.com ). The Local Group Policy Editor does not have an ACL editor so I saved the ACLs from the computer I setup the LGP on and restored them after copying the entire GroupPolicy and GroupPolicyUsers directories to the destination computer. You can forgo transferring ACLs if you are copying these directories via a NTFS formatted drive (the ACLs will be preserved). Unfortunately I must use a CD to install the LGP onto the destination computers so I have to do this to preserve the ACLs.

So to transfer LGP from one computer to another I did the following. First, I copied GroupPolicy and GroupPolicyUsers to %userprofile%\Desktop\Local-Group-Policy-Backup. This can be done via Windows Explorer or command line via xcopy ('xcopy /c /e /h /k /x /o /i /q /y %SystemRoot%\System32\GroupPolicy %userprofile%\Desktop\Local-Group-Policy-Backup\GroupPolicy'). Note, I copied the entire GroupPolicy directory not just the subdirectories as the Backup script above does. Second, I saved the ACLs of the GroupPolicy and GroupPolicyUsers directories and contents (files and subdirectories) using 'icacls "%userprofile%\Desktop\Local-Group-Policy-Backup\*" /save AclFile'. Third, I burned the Local-Group-Policy-Backup directory along with the AclFile onto a CD (one could use a removable drive or a network to copy the files directly). I then copied GroupPolicy and GroupPolicyUsers onto the destination computer. The ACLs were restored to the copied files/directories using 'icacls "%SystemRoot%\System32" /restore AclFile'. Finally, I ran 'gpupdate /force'. All of the LGP settings were applied. 'gpresult /r' was showing no policies "not applied".

I hope this helps others that may experience the same problems using Brink's method.

 

[Brink]

Thank you for sharing Paul, and welcome to Eight Forums.