How to Edit the Registry.pol File using LGPO.exe
In this tutorial, we will discuss how to modify or edit the Registry.pol file using the LGPO.exe tool. LGPO.exe tool is part of Microsoft Security Baseline and helps automate the local group policy management.
You can also use LGPO.exe to apply a GPO backup (exported from a domain, etc.) on workgroup computers. However, after applying policies via the LGPO.exe tool, you can’t edit them via Local Group Policy Editor (gpedit.msc).
Even if you edit the same settings via the Local Group Policy Editor (gpedit.msc), it won’t be applied because the policies applied via the LGPO tool will take precedence over the gpedit tool. You can verify the same via the gpresult
command or rsop.msc console.
So, in a GPO backup, the policy settings are stored in the registry.pol file. The LGPO tool applies these settings from the registry.pol file to your computer.
SEE ALSO: How to Rename Local Admin and Change Password using GPO.
Modify the Registry.pol File using the LGPO.exe Tool
The registry.pol file is not directly editable. However, you can use the same LGPO.exe tool to convert it to the readable regpol text file and edit the required settings. After that, you can convert the regpol text file back to the registry.pol using the LGPO tool.
So, in this tutorial, we will show how to edit the registry.pol file using the LGPO.exe tool (provided by Microsoft). First of all, download the LGPO.zip file and extract it to any folder. In this tutorial, we have extracted it to the C:\LGPO folder.
Also, make sure you have the GPO backup containing the registry.pol file. You can also take GPO backup using LGPO.exe, just follow these steps.
Step 1: Take Local Group Policy Backup using LGPO.exe Tool
In case you want to save a backup of the Local Group Policy applied on your computer, you can do so using the LGPO.exe tool. First, launch CMD with administrator privileges and browse to the folder where you have extracted the LGPO.exe file. Then, type the following command in the CMD prompt. This will back up the Local Group Policy to your desired location.
LGPO.exe /b [backup path] /n [gpo name]
Make sure to replace the [backup path]
with the actual path where you want to save the GPO backup and also the [gpo name]
with the display name for GPO.
Step 2: Convert the Registry.pol file to Readable Text
Now, after you are ready with the GPO backup, it’s time to edit the registry.pol file using LGPO.exe. In this process, we will have to convert the registry.pol file to editable text file. So, type the following command in Command Prompt (run as administrator) and press Enter.
LGPO.exe /parse /m [path to the registry.pol file] > regpol.txt
Make sure to replace the [path to the registry.pol file]
with the actual path of the file as shown in the screenshot below. The registry.pol file is usually present in the “{GPOName}\DomainSysvol\GPO\Machine or User” folder.
Step 3: Edit the Registry.pol File in Text Format
Now, you can easily edit the registry.pol file in the form of regpol.txt. Simply open it in Notepad and make the necessary changes.
- Edit the DWORD value to make changes in specific policy settings.
- To set any policy to “Not configured“, type DELETE below its settings in the regpol.txt file.
- More options are provided in the document available with the LGPO download.
Step 4: Convert the Modified Regpol.txt File to Registry.pol File
After you are done editing the regpol.txt file, you can convert it back to the registry.pol file using the LGPO.exe tool. Simply type the following command in the CMD prompt and press Enter.
LGPO.exe /r [regpol.txt file path] /w [new registry.pol file path]
Make sure to replace the [regpol.txt file path]
with the actual path of the regpol.txt file. Similarly, replace the [new registry.pol file path]
with the actual path of the new registry.pol file.
Step 5: Replace the old Registry.pol File with the New One
After modifying the registry.pol file, it’s time to replace the old one with the new one. So, copy the new registry.pol file and paste it into the same folder as the old registry.pol file.
You might get the prompt to confirm replacing the old file with the new one. Click “Replace the file in the destination” to keep the new file.
Step 6: Apply Local Group Policy using the LGPO.exe Tool
Finally, it’s time to apply the modified registry.pol file to your computer using the LGPO.exe tool. Now, type the following command in Command Prompt (run as admin) and press Enter.
LGPO.exe /g [GPO folder path] gpupdate /force
Make sure to replace the [GPO folder path]
with the actual path of the folder where the GPO backup is stored.
Step 7: Check the Applied Policy via RSOP.msc Console
Now, launch the RUN utility, type rsop.msc
, and press Enter to launch the RSOP console. It will display the policies that are applied on your computer. So, now you can verify the applied policies here.
SEE ALSO: Facing the “Shell Infrastructure Host has stopped working” error? Here is the fix.
Edit the Registry.pol File using LGPO.exe Tool to Modify the Local Group Policy
LGPO.exe tool is quite useful for Group Policy administrators. You can use it to even edit the registry.pol file and make changes to local GPO without the need to edit the Group Policy from Domain Controllers. LGPO tool is available to download from the Microsoft Security Compliance toolkit page.
Hope you liked this tutorial. Should you face a problem while following the steps, don’t hesitate to write it in the comments down below. You may also subscribe to our newsletter to get the latest updates via email.