When you install SCM, the LocalGPO command-line tool also becomes available. We have updated LocalGPO to make it more useful to apply security setting to non-domain joined computers in your organization.

LocalGPO allows you to back up a domain-based Group Policy Object and then apply it to non-domain joined computers. The new version of this tool makes it easier to automate this process.

You may want to apply settings to the local Group Policy on stand-alone computers in your environment. We recommend updating the user interface on the computers that you use to manage Group Policy so that you can view and manage the additional security settings discussed in this Help.

Note   SCM includes the LocalGPO tool but does not automatically install it. Use the following procedure to get started using the tool.

When you install SCM, the installation files for LocalGPO are copied to the following location on your computer: C:\Program Files (x86)\Microsoft Security Compliance Manager\LGPO.

Note   SCM does not include x86 in the location path for computers running 32-bit versions of Windows operating systems.

To install the LocalGPO command-line tool

  1. In the LGPO folder, double-click the LocalGPO.msi file to start the Local GPO Setup Wizard, and then click Next.
  2. Review the user license agreement, click the option to accept the terms of the agreement, and then click Next.
  3. On the Features to Install page of the wizard, review what the tool installs and the disk space that it requires, click Next, and then on the Ready to Install page, click Install.
    Note   It may take a few minutes to complete the LocalGPO tool installation process.
  4. On the final page of the wizard, click Finish to complete the installation.

To verify that the tool is installed on your computer, click Start, click All Programs, and then confirm that the LocalGPO folder displays in your list of programs.

Description: C:\Users\johnc\Documents\Baselines 2.0\SCM 2.0 Help\SCM 2 Help development files\LocalGPO_tool_location.jpg

Now that you have installed the LocalGPO tool, you can use it to perform the following tasks:

Tip   To run the LocalGPO Command-line tool, in the LocalGPO folder, right-click the tool, and then choose the option Run As Administrator.

The following figure displays the initial Command Prompt window of the LocalGPO command-line tool.

Description: C:\Users\johnc\Documents\Baselines 2.0\SCM 2.0 Help\SCM 2 Help development files\Screen shots\LocalGPO_default_screen_prompt.JPG

The following sections discuss how to use the LocalGPO tool to accomplish these tasks.