LocalGPO command-line tool

When you install SCM, the LocalGPO command-line tool also becomes available. We have updated LocalGPO to make it more useful to apply security setting to non-domain joined computers in your organization.

LocalGPO allows you to back up a domain-based Group Policy Object and then apply it to non-domain joined computers. The new version of this tool makes it easier to automate this process.

You may want to apply settings to the local Group Policy on stand-alone computers in your environment. We recommend updating the user interface on the computers that you use to manage Group Policy so that you can view and manage the additional security settings discussed in this Help.

Note SCM includes the LocalGPO tool but does not automatically install it. Use the following procedure to get started using the tool.

When you install SCM, the installation files for LocalGPO are copied to the following location on your computer: C:\Program Files (x86)\Microsoft Security Compliance Manager\LGPO.

Note SCM does not include x86 in the location path for computers running 32-bit versions of Windows operating systems.

To install the LocalGPO command-line tool

In the LGPO folder, double-click the LocalGPO.msi file to start the Local GPO Setup Wizard, and then click Next.
Review the user license agreement, click the option to accept the terms of the agreement, and then click Next.
On the Features to Install page of the wizard, review what the tool installs and the disk space that it requires, click Next, and then on the Ready to Install page, click Install.
Note It may take a few minutes to complete the LocalGPO tool installation process.
On the final page of the wizard, click Finish to complete the installation.

To verify that the tool is installed on your computer, click Start, click All Programs, and then confirm that the LocalGPO folder displays in your list of programs.

$Description: C:\Users\johnc\Documents\Baselines 2.0\SCM 2.0 Help\SCM 2 Help development files\LocalGPO_tool_location.jpg$

Now that you have installed the LocalGPO tool, you can use it to perform the following tasks:

Apply a security baseline to the local Group Policy of a computer.
Export the local Group Policy of a computer to a Group Policy backup.
Create a GPOPack to apply the same settings to a computer without installing LocalGPO.
Tip You can use this new capability in LocalGPO to integrate scripted results with the Microsoft Deployment Toolkit (MDT) to accelerate and automate deployments of Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP, Windows Server 2008, and Microsoft Office products. For more information about the MDT, see Microsoft Deployment Toolkit at: http://go.microsoft.com/fwlink/?LinkId=105753.
Use the Multiple local GPO feature to edit a collection of Local Group Policy objects (LGPOs). This feature is designed to provide improved management for computers that are not part of a domain.
Update the UI of the Group Policy management tools.

Tip To run the LocalGPO Command-line tool, in the LocalGPO folder, right-click the tool, and then choose the option Run As Administrator.

The following figure displays the initial Command Prompt window of the LocalGPO command-line tool.

$Description: C:\Users\johnc\Documents\Baselines 2.0\SCM 2.0 Help\SCM 2 Help development files\Screen shots\LocalGPO_default_screen_prompt.JPG$

The following sections discuss how to use the LocalGPO tool to accomplish these tasks.