The solution presented in this Help uses GPO settings that do not display in the standard UI for the GPMC or the Security Configuration Editor (SCE). These settings, which are all prefixed with MSS, were developed by the Microsoft Solutions for Security group for previous security guidance.

For this reason, you need to extend these tools so that you can view the security settings and edit them as required. To accomplish this, LocalGPO automatically updates your computer while it creates the GPOs. Use the following procedure to update the SCE on the computers where you plan to manage the GPOs created with the SCM.

To modify the SCE to display MSS settings

  1. Ensure that you have met the following prerequisites:
    • The computer is joined to the domain using Active Directory where you created the GPOs.
    • SCM is installed.
  2. Log on to the computer as an administrator.
  3. On the computer, click Start, click All Programs, and then click the LocalGPO folder to open it.
  4. In the LocalGPO folder, right-click LocalGPO, and then choose Run as administrator to open the tool command prompt with full administrative privileges.
    Note   If prompted for logon credentials, type your user name and password, and then press Enter.
  5. At the command prompt, type cscript LocalGPO.wsf /ConfigSCE and then press Enter.
    Note   This script only modifies SCE to display MSS settings. This script does not create GPOs or OUs.

The following procedure removes the additional MSS security settings, and then resets SCE to default settings.

To reset the SCE to default settings

  1. Log on to the computer as an administrator.
  2. On the computer, click Start, click All Programs, and then click the LocalGPO folder to open it.
  3. In the LocalGPO folder, right-click LocalGPO, and then choose Run as administrator to open the tool command prompt with full administrative privileges.
    Note   If prompted for logon credentials, type your user name and password, and then press Enter.
  4. At the command prompt, type cscript LocalGPO.wsf /ResetSCE and then press Enter.
    Note   Completing this procedure reverts the SCE on your computer to the default settings. Any settings added to the default SCE will be removed. This will only affect the ability to view the settings with the SCE. Configured Group Policy settings remain in place.