Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, July 25, 2017 8:39 PM
I have successfully used LGPO.EXE v1.0 to import policies in the past with Windows 7. I have always used the following command to export policies for implementation on other systems:
C:\Policies\LPGO.EXE /b C:\Policies /n Standalone
I would then copy the "Policies" directory to a new PC and use the following command to import the policies :
C:\Policies\LPGO.EXE /g C:\Policies /v
When I was using LGPO.EXE v1.0 and Windows 7, the advanced audit policies would apply. Now with v2.2 and Windows 10 they do not apply. Why are the advanced audit policies not applying?
All replies (7)
Wednesday, July 26, 2017 3:16 AM
Hi Money,
What's your output?
Based on my test on Windows 10 1703 (build 15063.483) lab machines using your command, it works fine as below:
You can see the audit policy is applied fine.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, July 26, 2017 4:11 PM
Hi Money,
What's your output?
Based on my test on Windows 10 1703 (build 15063.483) lab machines using your command, it works fine as below:
You can see the audit policy is applied fine.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
I ran the following batch file (.cmd) on a test machine that already has the advanced audit policies applied:
@Echo .
@Echo Applying Standalone Local Group Policy
@Echo .
C:
CD \!Policy\LGPO
LGPO.exe /g .\ /v
Pause
This is the output:
.
Applying Standalone Local Group Policy
.
C:\Windows\system32>C:
C:\Windows\system32>CD \!Policy\LGPO
C:\!Policy\LGPO>LGPO.exe /g .\ /v
LGPO.exe v2.2 - Local Group Policy Object utility
Audit policy directory exists
Copied .\{08AEFA7D-51D4-45DF-B17F-97A1575455B8}\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv
to C:\Windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\Audit\audit.csv
Clearing existing audit policy
C:\Windows\system32\auditpol.exe /clear /y
The command was successfully executed.
AUDITPOL.EXE exited with exit code 0
Apply Audit policy from .\{08AEFA7D-51D4-45DF-B17F-97A1575455B8}\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv
C:\Windows\system32\auditpol.exe /restore /file:".\{08AEFA7D-51D4-45DF-B17F-97A1575455B8}\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv"
The command was successfully executed.
AUDITPOL.EXE exited with exit code 0
Apply security template: .\{08AEFA7D-51D4-45DF-B17F-97A1575455B8}\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf
PROCESSING SECURITY TEMPLATE: .\{08AEFA7D-51D4-45DF-B17F-97A1575455B8}\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf
C:\Windows\system32\secedit.exe /configure /db "C:\Users\Admin\AppData\Local\Temp\GPT4C99.tmp" /cfg ".\{08AEFA7D-51D4-45DF-B17F-97A1575455B8}\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf" /log "C:\Users\Admin\AppData\Local\Temp\GPT4C9A.tmp" /overwrite /quiet
[[[ Security template log file output follows: C:\Users\Admin\AppData\Local\Temp\GPT4C9A.tmp ]]]
Completed 1 percent (0/63) Process Privilege Rights area
Completed 3 percent (1/63) Process Privilege Rights area
Completed 4 percent (2/63) Process Privilege Rights area
Completed 6 percent (3/63) Process Privilege Rights area
Completed 7 percent (4/63) Process Privilege Rights area
Completed 9 percent (5/63) Process Privilege Rights area
Completed 11 percent (6/63) Process Privilege Rights area
Completed 12 percent (7/63) Process Privilege Rights area
Completed 14 percent (8/63) Process Privilege Rights area
Completed 15 percent (9/63) Process Privilege Rights area
Completed 17 percent (10/63) Process Privilege Rights area
Completed 19 percent (11/63) Process Privilege Rights area
Completed 20 percent (12/63) Process Privilege Rights area
Completed 22 percent (13/63) Process Privilege Rights area
Completed 25 percent (15/63) Process Privilege Rights area
Completed 25 percent (15/63) Process Group Membership area
Completed 49 percent (30/63) Process Group Membership area
Completed 49 percent (30/63) Process Registry Keys area
Completed 49 percent (30/63) Process File Security area
Completed 49 percent (30/63) Process Services area
Completed 65 percent (40/63) Process Services area
Completed 73 percent (45/63) Process Services area
Completed 73 percent (45/63) Process Security Policy area
Completed 77 percent (48/63) Process Security Policy area
Completed 84 percent (52/63) Process Security Policy area
Completed 88 percent (55/63) Process Security Policy area
Completed 93 percent (58/63) Process Security Policy area
Completed 100 percent (63/63) Process Security Policy area
The task has completed successfully.
SECEDIT.EXE exited with exit code 0
Import Machine settings from registry.pol: .\{08AEFA7D-51D4-45DF-B17F-97A1575455B8}\DomainSysvol\GPO\Machine\registry.pol
;
; PROCESSING Computer POLICY
; Source file: .\{08AEFA7D-51D4-45DF-B17F-97A1575455B8}\DomainSysvol\GPO\Machine\registry.pol
Computer
Software\Classes\batfile\shell\runasuser
SuppressionPolicy
DWORD:4096
Computer
Software\Classes\cmdfile\shell\runasuser
SuppressionPolicy
DWORD:4096
Computer
Software\Classes\exefile\shell\runasuser
SuppressionPolicy
DWORD:4096
Computer
Software\Classes\mscfile\shell\runasuser
SuppressionPolicy
DWORD:4096
Computer
Software\Microsoft\wcmsvc\wifinetworkmanager\config
AutoConnectAllowedOEM
DWORD:0
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\CredUI
EnumerateAdministrators
DWORD:0
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoAutorun
DWORD:1
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun
DWORD:255
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoStartBanner
DWORD:1
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoWebServices
DWORD:1
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableAutomaticRestartSignOn
DWORD:1
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\System
MSAOptional
DWORD:1
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit
ProcessCreationIncludeCmdLine_Enabled
DWORD:1
Computer
Software\Policies\Microsoft\Biometrics\FacialFeatures
EnhancedAntiSpoofing
DWORD:1
Computer
Software\Policies\Microsoft\EMET\SysSettings
DeepHooks
DWORD:1
Computer
Software\Policies\Microsoft\EMET\SysSettings
AntiDetours
DWORD:2
Computer
Software\Policies\Microsoft\EMET\SysSettings
BannedFunctions
DWORD:2
Computer
Software\Policies\Microsoft\EMET\SysSettings
ExploitAction
DWORD:2
Computer
Software\Policies\Microsoft\Internet Explorer\Feeds
DisableEnclosureDownload
DWORD:1
Computer
Software\Policies\Microsoft\PassportForWork\PINComplexity
MinimumPINLength
DWORD:6
Computer
Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51
DCSettingIndex
DWORD:1
Computer
Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51
ACSettingIndex
DWORD:1
Computer
Software\Policies\Microsoft\Windows\AppCompat
DisableInventory
DWORD:1
Computer
Software\Policies\Microsoft\Windows\CloudContent
DisableWindowsConsumerFeatures
DWORD:1
Computer
Software\Policies\Microsoft\Windows\DataCollection
AllowTelemetry
DWORD:0
Computer
Software\Policies\Microsoft\Windows\DeliveryOptimization
DODownloadMode
DWORD:1
Computer
Software\Policies\Microsoft\Windows\EventLog\Application
MaxSize
DWORD:32768
Computer
Software\Policies\Microsoft\Windows\EventLog\Security
MaxSize
DWORD:196608
Computer
Software\Policies\Microsoft\Windows\EventLog\System
MaxSize
DWORD:32768
Computer
Software\Policies\Microsoft\Windows\Explorer
NoAutoplayfornonVolume
DWORD:1
Computer
Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
NoBackgroundPolicy
DWORD:0
Computer
Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
NoGPOListChanges
DWORD:0
Computer
Software\Policies\Microsoft\Windows\Installer
EnableUserControl
DWORD:0
Computer
Software\Policies\Microsoft\Windows\Installer
AlwaysInstallElevated
DWORD:0
Computer
Software\Policies\Microsoft\Windows\LanmanWorkstation
AllowInsecureGuestAuth
DWORD:0
Computer
Software\Policies\Microsoft\Windows\Network Connections
NC_ShowSharedAccessUI
DWORD:0
Computer
Software\Policies\Microsoft\Windows\OneDrive
DisableFileSyncNGSC
DWORD:1
Computer
Software\Policies\Microsoft\Windows\Personalization
NoLockScreenSlideshow
DWORD:1
Computer
Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging
EnableScriptBlockLogging
DWORD:1
Computer
Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging
EnableScriptBlockInvocationLogging
DELETE
Computer
Software\Policies\Microsoft\Windows\System
DontDisplayNetworkSelectionUI
DWORD:1
Computer
Software\Policies\Microsoft\Windows\System
AllowDomainPINLogon
DWORD:0
Computer
Software\Policies\Microsoft\Windows\System
EnableSmartScreen
DWORD:1
Computer
Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy
fBlockNonDomain
DWORD:1
Computer
Software\Policies\Microsoft\Windows\Windows Search
AllowIndexingEncryptedStoresOrItems
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Client
AllowBasic
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Client
AllowUnencryptedTraffic
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Client
AllowDigest
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Service
AllowBasic
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Service
AllowUnencryptedTraffic
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Service
DisableRunAs
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\MitigationOptions
MitigationOptions_FontBocking
SZ:1000000000000
Computer
Software\Policies\Microsoft\Windows NT\Printers
DisableWebPnPDownload
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Printers
DisableHTTPPrinting
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Rpc
RestrictRemoteClients
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fAllowToGetHelp
DWORD:0
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fAllowFullControl
DELETE
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
MaxTicketExpiry
DELETE
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
MaxTicketExpiryUnits
DELETE
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fUseMailto
DELETE
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
DisablePasswordSaving
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fDisableCdm
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fPromptForPassword
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fEncryptRPCTraffic
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
MinEncryptionLevel
DWORD:3
Computer
System\CurrentControlSet\Control\SecurityProviders\WDigest
UseLogonCredential
DWORD:0
Computer
System\CurrentControlSet\Services\Netbt\Parameters
NoNameReleaseOnDemand
DWORD:1
Computer
System\CurrentControlSet\Services\Tcpip\Parameters
DisableIPSourceRouting
DWORD:2
Computer
System\CurrentControlSet\Services\Tcpip\Parameters
EnableICMPRedirect
DWORD:0
Computer
System\CurrentControlSet\Services\Tcpip6\Parameters
DisableIPSourceRouting
DWORD:2
; Computer POLICY SAVED.
;
Import User settings from registry.pol: .\{08AEFA7D-51D4-45DF-B17F-97A1575455B8}\DomainSysvol\GPO\User\registry.pol
;
; PROCESSING User POLICY
; Source file: .\{08AEFA7D-51D4-45DF-B17F-97A1575455B8}\DomainSysvol\GPO\User\registry.pol
; User POLICY SAVED.
;
Audit policy directory exists
Copied .\{37220A3A-1426-4DF5-92FB-81225D95DCEB}\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv
to C:\Windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\Audit\audit.csv
Clearing existing audit policy
C:\Windows\system32\auditpol.exe /clear /y
The command was successfully executed.
AUDITPOL.EXE exited with exit code 0
Apply Audit policy from .\{37220A3A-1426-4DF5-92FB-81225D95DCEB}\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv
C:\Windows\system32\auditpol.exe /restore /file:".\{37220A3A-1426-4DF5-92FB-81225D95DCEB}\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\audit.csv"
Error 0x0000000D occurred:
The data is invalid.
AUDITPOL.EXE exited with exit code 13
Import Machine settings from registry.pol: .\{37220A3A-1426-4DF5-92FB-81225D95DCEB}\DomainSysvol\GPO\Machine\registry.pol
;
; PROCESSING Computer POLICY
; Source file: .\{37220A3A-1426-4DF5-92FB-81225D95DCEB}\DomainSysvol\GPO\Machine\registry.pol
Computer
Software\Classes\batfile\shell\runasuser
SuppressionPolicy
DWORD:4096
Computer
Software\Classes\cmdfile\shell\runasuser
SuppressionPolicy
DWORD:4096
Computer
Software\Classes\exefile\shell\runasuser
SuppressionPolicy
DWORD:4096
Computer
Software\Classes\mscfile\shell\runasuser
SuppressionPolicy
DWORD:4096
Computer
Software\Microsoft\wcmsvc\wifinetworkmanager\config
AutoConnectAllowedOEM
DWORD:0
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\CredUI
EnumerateAdministrators
DWORD:0
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoAutorun
DWORD:1
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun
DWORD:255
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoStartBanner
DWORD:1
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoWebServices
DWORD:1
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableAutomaticRestartSignOn
DWORD:1
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\System
MSAOptional
DWORD:1
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit
ProcessCreationIncludeCmdLine_Enabled
DWORD:1
Computer
Software\Policies\Microsoft\Biometrics\FacialFeatures
EnhancedAntiSpoofing
DWORD:1
Computer
Software\Policies\Microsoft\EMET\SysSettings
DeepHooks
DWORD:1
Computer
Software\Policies\Microsoft\EMET\SysSettings
AntiDetours
DWORD:2
Computer
Software\Policies\Microsoft\EMET\SysSettings
BannedFunctions
DWORD:2
Computer
Software\Policies\Microsoft\EMET\SysSettings
ExploitAction
DWORD:2
Computer
Software\Policies\Microsoft\Internet Explorer\Feeds
DisableEnclosureDownload
DWORD:1
Computer
Software\Policies\Microsoft\PassportForWork\PINComplexity
MinimumPINLength
DWORD:6
Computer
Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51
DCSettingIndex
DWORD:1
Computer
Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51
ACSettingIndex
DWORD:1
Computer
Software\Policies\Microsoft\Windows\AppCompat
DisableInventory
DWORD:1
Computer
Software\Policies\Microsoft\Windows\CloudContent
DisableWindowsConsumerFeatures
DWORD:1
Computer
Software\Policies\Microsoft\Windows\DataCollection
AllowTelemetry
DWORD:0
Computer
Software\Policies\Microsoft\Windows\DeliveryOptimization
DODownloadMode
DWORD:1
Computer
Software\Policies\Microsoft\Windows\EventLog\Application
MaxSize
DWORD:32768
Computer
Software\Policies\Microsoft\Windows\EventLog\Security
MaxSize
DWORD:196608
Computer
Software\Policies\Microsoft\Windows\EventLog\System
MaxSize
DWORD:32768
Computer
Software\Policies\Microsoft\Windows\Explorer
NoAutoplayfornonVolume
DWORD:1
Computer
Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
NoBackgroundPolicy
DWORD:0
Computer
Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
NoGPOListChanges
DWORD:0
Computer
Software\Policies\Microsoft\Windows\Installer
EnableUserControl
DWORD:0
Computer
Software\Policies\Microsoft\Windows\Installer
AlwaysInstallElevated
DWORD:0
Computer
Software\Policies\Microsoft\Windows\LanmanWorkstation
AllowInsecureGuestAuth
DWORD:0
Computer
Software\Policies\Microsoft\Windows\Network Connections
NC_ShowSharedAccessUI
DWORD:0
Computer
Software\Policies\Microsoft\Windows\OneDrive
DisableFileSyncNGSC
DWORD:1
Computer
Software\Policies\Microsoft\Windows\Personalization
NoLockScreenSlideshow
DWORD:1
Computer
Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging
EnableScriptBlockLogging
DWORD:1
Computer
Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging
EnableScriptBlockInvocationLogging
DELETE
Computer
Software\Policies\Microsoft\Windows\System
DontDisplayNetworkSelectionUI
DWORD:1
Computer
Software\Policies\Microsoft\Windows\System
AllowDomainPINLogon
DWORD:0
Computer
Software\Policies\Microsoft\Windows\System
EnableSmartScreen
DWORD:1
Computer
Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy
fBlockNonDomain
DWORD:1
Computer
Software\Policies\Microsoft\Windows\Windows Search
AllowIndexingEncryptedStoresOrItems
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Client
AllowBasic
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Client
AllowUnencryptedTraffic
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Client
AllowDigest
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Service
AllowBasic
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Service
AllowUnencryptedTraffic
DWORD:0
Computer
Software\Policies\Microsoft\Windows\WinRM\Service
DisableRunAs
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\MitigationOptions
MitigationOptions_FontBocking
SZ:1000000000000
Computer
Software\Policies\Microsoft\Windows NT\Printers
DisableWebPnPDownload
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Printers
DisableHTTPPrinting
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Rpc
RestrictRemoteClients
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fAllowToGetHelp
DWORD:0
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fAllowFullControl
DELETE
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
MaxTicketExpiry
DELETE
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
MaxTicketExpiryUnits
DELETE
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fUseMailto
DELETE
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
DisablePasswordSaving
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fDisableCdm
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fPromptForPassword
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fEncryptRPCTraffic
DWORD:1
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
MinEncryptionLevel
DWORD:3
Computer
System\CurrentControlSet\Control\SecurityProviders\WDigest
UseLogonCredential
DWORD:0
Computer
System\CurrentControlSet\Services\Netbt\Parameters
NoNameReleaseOnDemand
DWORD:1
Computer
System\CurrentControlSet\Services\Tcpip\Parameters
DisableIPSourceRouting
DWORD:2
Computer
System\CurrentControlSet\Services\Tcpip\Parameters
EnableICMPRedirect
DWORD:0
Computer
System\CurrentControlSet\Services\Tcpip6\Parameters
DisableIPSourceRouting
DWORD:2
; Computer POLICY SAVED.
;
Import User settings from registry.pol: .\{37220A3A-1426-4DF5-92FB-81225D95DCEB}\DomainSysvol\GPO\User\registry.pol
;
; PROCESSING User POLICY
; Source file: .\{37220A3A-1426-4DF5-92FB-81225D95DCEB}\DomainSysvol\GPO\User\registry.pol
; User POLICY SAVED.
;
C:\!Policy\LGPO>Pause
Press any key to continue . . .
I am going to run the same batch file on a clean PC and see if there is any difference, and then I will post the results.
The version of Windows that I am using is Windows 10 Enterprise 2016 LTSB (ver 10.0.14393).
Wednesday, July 26, 2017 5:01 PM
I applied the policies to a clean PC and used Beyond Compare to check the differences between the two output files. There were only three lines that were different. One that said "Created directory for audit policy" instead of "Audit policy directory exists". The other two referenced a temp file with a random name in "C:\Users\Admin\Local\Temp". So essentially there is no difference in the output.
Thursday, July 27, 2017 9:05 PM
Today I tried another test. I manually applied one of the advanced audit policies. I then ran my batch file to apply the policies. All of the policies, except the advanced audit policies got applied. The one policy that I manually applied got removed. Interesting.
Friday, July 28, 2017 9:31 AM
Hi money,
What if you only apply the audit policy via running command:
LGPO.exe /a path autit.csv
or
LGPO.exe /ac path audit.csv
Note: /ac to clear policy first.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, July 31, 2017 8:51 PM
Hi money,
What if you only apply the audit policy via running command:
LGPO.exe /a path autit.csv
or
LGPO.exe /ac path audit.csv
Note: /ac to clear policy first.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thanks for the input. This helped me find a solution, but it still leaves some questions as to why this problem happened in the first place. When I backed up the original policies, LGPO created two directories ({08AEFA7D-51D4-45DF-B17F-97A1575455B8} and {37220A3A-1426-4DF5-92FB-81225D95DCEB}). These directories each have the same directory structure according to tree.com, and the same creation dates and times. They were created with a single LGPO command (C:\Policies\LPGO.EXE /b C:\Policies /n Standalone). Each directory had its own audit.csv file, yet the CSV file in {37220A3A-1426-4DF5-92FB-81225D95DCEB} was 0k in size, so it has no policies, while the first one is 5k in size. The policies successfully got applied by the first audit.csv, but removed when the second one was applied. Why does LGPO do this?
Tuesday, August 1, 2017 9:53 AM
When I backed up the original policies, LGPO created two directories ({08AEFA7D-51D4-45DF-B17F-97A1575455B8} and {37220A3A-1426-4DF5-92FB-81225D95DCEB}). These directories each have the same directory structure according to tree.com, and the same creation dates and times. They were created with a single LGPO command (C:\Policies\LPGO.EXE /b C:\Policies /n Standalone).
That's really strange. What's your Windows build?
Please confirm you obtain the LGPO.exe from the following official webpage:
Microsoft Security Compliance Toolkit 1.0
https://www.microsoft.com/en-us/download/details.aspx?id=55319
I used the following command you provided only get one GP as expected.
C:\Policies\LPGO.EXE /b C:\Policies /n Standalone
I suggest you try it again to see if it still generated two GUID.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].