GPO generated from the (quite outdated) guide from ANSSI: Restreindre la collecte de données sous Windows 10. GPO are exported as text to be easily examined.
Download LGPO from the Microsoft Security Compliance Toolkit at https://www.microsoft.com/en-us/download/details.aspx?id=55319
- Machine GPO
LGPO.exe /r [path]\machine.lgpo /w [path]\Machine\registry.pol
- User GPO
LGPO.exe /r [path]\user.lgpo /w [path]\User\registry.pol
- Apply machine GPO
LGPO.exe /m [path]\Machine\registry.pol
- Apply user GPO
LGPO.exe /u [path]\User\registry.pol
Creating and exporting GPO from the ANSSI guide.
- Use the Local Group Policy Editor (
gpedit.msc
) to create the GPO from the ANSSI guide - As an administrator, use the Local Group Policy Object Utility (
LGPO.exe
) to create a backup from the local policy
LGPO.exe /b "[path]\Export" /n ANSSI
- Export the backup to a text file (parsing the
registry.pol
)- Machine GPO
LGPO.exe /parse /m "[path]\Export\...\DomainSysvol\GPO\Machine\registry.pol" >machine.lgpo
- User GPO
LGPO.exe /parse /u "[path]\Export\...\DomainSysvol\GPO\User\registry.pol" >user.lgpo