Exporting and importing Group Policy

Posted on 2005-05-11
Last Modified: 2012-05-05
I have a number of different LANs each with their own domain controller. I want to export the Domain Controller Security Template from one DC and import into another DC (on a seperate LAN).

So I open the Default Domain Controller Group Policy and right click on "security settings" but the "export policy" option is greyed out. Why is this?

I though I would be able to expor the security settings to an *.inf file and then import that into another DC.

Any help would be much appreciated.
Question by:machealth
    LVL 10

    Accepted Solution

    To open Security Configuration and Analysis, click Start, click Run, type mmc, and then click OK.

    On the File menu, click Open, click the console that you want to open, and then click Open.

    In the console tree, click Security Configuration and Analysis.

    Open the template you created or modified, and right click Security Configuration and Analysis, select Export Template.
    LVL 35

    Expert Comment

    by:Nick Sui
    That's an easy task if you follow these steps: -

    By default, when you promote your computer to domain controller for the first time only two Group policy objects are created in Active Directory. These two GPOs are Default Domain Policy and Default Domain Controller Policy. Windows gives two GUID for these two GPOs so it can identify them easily in the SYSVOL store. Goto the following location in SYSVOL store: -

    \WINNT\SYSVOL\sysvol\\Policies, here you will find two or more GUID for your policy such as:  -

    \WINNT\SYSVOL\sysvol\\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}   This is for Default Domain Pol
    \WINNT\SYSVOL\sysvol\\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}    This is for Default DC pol.

    Now whatever you configure in these two policy are stored in the above folder. So simply copy the folder where you have configured the policy that's it. I have used this a number of time.

    Steps to copy the folder: -

    1. Double click on one of GUID, the last one is for Default Domain Controller Policy.
    2. Now copy all the folders and take it to floppy or send via email.
    3. Now goto another server and double click in the same GUID and then paste the folders.
    4. Now open Default Domain Controller policy, you will see all configuration you saved.

    Let us know.


    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    Read about the 3 stages of the buyer's journey: awareness, consideration, and decision.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now