Utilities for Local Group Policy and IE Security Zones

Because of my work with the Federal Desktop Core Configuration, I’ve published a set of three utilities that manage Local Group Policy.  The newest of these (ImportRegPol) parses registry.pol files and can convert their content to text.  I’ve also created a utility to view and compare IE security zone settings that is particularly helpful on a system that has been locked down with Group Policy.

I also wrote a blog post on the FDCC blog describing compatibility problems caused by a widely-deployed registry hack that tries to prevent Autoplay.

Utility

Description and Key Scenarios

Set_FDCC_LGPO

Applies full set of NIST FDCC settings into the Local Group Policy of a Windows XP or Windows Vista computer.

Always applies Administrative Templates; FDCC security templates are optional.

Current version not supported on versions of Windows other than XP and Vista (Win7 version to be created if/when NIST defines FDCC settings for Windows 7.)

Intended for automated use; non-interactive.

Intended as part of image building or image maintenance after deployment.

Source code provided.

Apply_LGPO_Delta

Allows application of individual policy settings into the Local Group Policy of a Windows computer. These can include administrative template settings or security template settings.

All input files are text-based, for ease of editing and customization.

Intended for automated use; non-interactive.

Designed to work in scenarios with Set_FDCC_LGPO. Primary purpose is to apply an organization’s variances from FDCC after running Set_FDCC_LGPO.

Intended for same scenarios as Set_FDCC_LGPO.

Source code provided.

ImportRegPol

Reads a registry.pol file and then does one or both of the following:

1) Applies settings from the registry.pol file to the Computer or User Configuration settings in Local Group Policy on the current computer;

2) Writes out the settings to a text file in a format that can be consumed by Apply_LGPO_Delta.

Intended for automated use; non-interactive.

Intended as part of image building.

Source code provided.

IE Zone Comparer

GUI program to graphically display and compare two collections of IE security zone settings (policies or preferences for each of the security zones), highlighting settings that differ between the collections.  Useful for seeing what settings are in effect (on a locked down system, the Security tab of the IE Properties dialog is mostly disabled), for comparing differences between zones, and more.