What is the best way to apply a AD GPO (pol, adm and sec.inf) to an Offline PC?

in a segue to the original question: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23112437.html

I realize now that my efforts may have been misguided.  What would be the best way to implement a new GPO onto a laptop if that said laptop did not have communication with the a AD DC (at least not for a while).

As we do not have direct access to these laptops, we're looking into any options to do this on the CLI.

I have looked into MS's FDCC tool, but am having trouble recompiling it with our hybrid FDCC GPO.

any hints or guidance would be much appreciated.

Who is Participating?
BlademonkeyConnect With a Mentor Author Commented:
I ended up creating a POL to Reg converter on my own.

This solved my problem.
PlaceboC6Connect With a Mentor Commented:
Could try messing with the local group policy.

Start / Run / gpedit.msc

ADM files etc are in C:\windows\system32\group policy

Is a hidden folder.
SteveH_UKConnect With a Mentor Commented:
(not to be taken too seriously....)

The best way is to ... connect ... the computer (via a vpn, dial-up or direct connection) and then apply the GPO online.

Not sure another way is actually possible.

(However, registry settings can be applied by exporting the registry key Software\Policies from the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER roots from an equivalent computer and user combination)
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

BlademonkeyAuthor Commented:
unfortunately, we cannot apply the settings interactively, hence the request for a CLI tool.

By CLI you mean command line interface? To be run on the laptops manually? If you have no access to the machines then that will be hard to do.

secedit can be used to apply policies to the laptops.
BlademonkeyAuthor Commented:
I can run CLI by compiling scripts that we deploy.  
that's not the hard part for us.  
the script are run by the user (and temporarily elevated to local admin).

thanks for the secedit bit, I have a secedit portion added.

any suggestions for pol files?
PlaceboC6Connect With a Mentor Commented:
Set your explorer to show hidden files.

Go to the windows\system32\group policy folder and take a peak......

That's where the local policy is at.
BlademonkeyAuthor Commented:
I realize that is where the files are.  

are you saying that i can just copy the new pol and adm files to the laptops under this location and the settings will be "updated?"

I have set up a local policy on system A,  then copied that Group Policy folder on top of the local policy on System B and C and it duplicated the settings,  yes.

I intially configured the policy with gpedit.msc so that it modifies the contents of that folder.  Then copied it across the board to "special" systems that needed a local policy.  Of course that applies to everyone that logs in to the machine.

To recover from it,  you can rename the folder and reboot.

Toy with it and see what you get.
BlademonkeyAuthor Commented:
do i need to copy the secedit.sdb file as well?
PlaceboC6Connect With a Mentor Commented:
I usually copied the entire Group Policy folder.
matrixnzConnect With a Mentor Commented:
(No Point Comment)

PlaceboC6 is correct

Use GPEdit.msc on a local system make required changes then copy the C:\Windows\System32\GroupPolicy folder to other machines, the Local Group Policies should take effect straight away, you can run gpupdate /force as well to refresh the policies.

BlademonkeyAuthor Commented:
I tried this but the settings did not actually take.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.