OS:Windows 7 Pro, 32-bit, running under VMware Workstation
I'm trying to work out how to get LocalGPO working so that I can define a bunch of local policies and then use the tools to apply those policies to multiple PCs.
So what I did is tweak a bunch of group polices (to apply only to non-administrator users, following instructions at http://www.sevenforums.com/tutorials/101869-local-group-policies-apply-all-users-except-administrators.html). I then installed *just* the LocalGPO MSI and ran it to export:
cscript LocalGPO.wsf /Export /Path:e:\gpos\ /gpopack
and it created a long GUID-named directory full of a bunch of stuff.
I then do a snapshot and revert to an earlier snapshot, prior to all my policy changes, where I try to import it.
- copy e:\gpos\ and all subdirectories to c:\gpos\ just in case it matters.
- Start -> All Programs -> LocalGPO -> "Run as Administrator" "LocalGPO Command-line"
- cscript LocalGPO.wsf /path:c:\gpos\{guid}
- Output:
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
Modifying Local Policy... this process can take a few moments.
Applied valid INF from c:\gpos\{guid}
Applied valid Machine POL from c:\gpos\{guid}
Applied valid User Pol from c:\gpos\{guid}
Applied vlaid Audit yPolicy CSV from c:\gpos\{guid}
Local Policy Modified!
Please restart the computer to refresh the Local PolicySo I dutifully reboot, and try logging in as the non-admin user. No changes whatsoever. Everything is still unlocked and available. (The policy changes I made severely lock down non-admin users.)
I also tried adding on "/mlgpo:users" and instead of those 4 "Applied valid..." lines, get a simple "users MLGPO... Modified!"
But still no visible policy changes.
I originally tried this with the "GPOPack" option, but running that has even less effect. Not even messages pretending to do something.
Any suggestions?