PolicyPlus icon indicating copy to clipboard operation
PolicyPlus copied to clipboard
verified publisher icon Fleex255

Export/Import POL improvements and issues

Open Fred-Vatin opened this issue 7 years ago • 6 comments

App version OS
Last release version Win 10 x64 pro (french) 14393

It would help if you version your app.

Steps to reproduce

  1. Open Local GPO
  2. Filter view : commented only
  3. Export POL
  4. Open policy resources > Computer POL File
  5. You can verify that comments are not there

Results

At this point it seems all the configured policies were exported in the POL file but without the comments. I need PP to export only the filtered policies instead with the comments. The only way to export only some policies is to open exported POL file and use Edit RAW POL to forget unnecessary keys. Then export again to the same POL file to keep only the wanted set of policies.

Expectations

  • Check box to select policies that would be exported.
  • Export them with their comment if any.
  • Have another way than Edit RAW POL to display the content of a POL file using the tree. The best proximate way is to open the POL file and filter configured state. Not perfect because the POL file may contain unconfigured policies that would override local GPO configured policies when applied.

Questions

  • What is the point of ADMX workspace? When used, the workspace will remain empty even after opening Local GPO or POL file.
  • What is the best procedure to restore and apply policies saved in a POL file?
    • Open Local GPO and use import POL ?
    • Open POL file and use save policies ?

Fred-Vatin avatar May 18 '18 00:05 Fred-Vatin

Thanks for the detailed report! There are a lot of separate moving parts here that can be difficult to keep track of. Interestingly, Microsoft POL files don't actually contain the comments - those are stored in the accompanying CMTX file. It would be nice to somehow keep those connected, though. I could imagine an extension to the Semantic Policy format and some UI improvements to facilitate selecting only some policies for inclusion. (Semantic Policy is the best way to export only a few policies, though admittedly that is very inconvenient at the moment.)

The ADMX workspace defines which policy definitions are loaded, i.e. what policies are available to edit. This is independent of the actual Registry-based policy settings, which are stored in the policy resources (usually a POL file). To open an ADMX workspace and make policy definitions appear, use Open ADMX Folder. The Save Policies command operates on the currently loaded policy resources, so if you've opened a POL file, it will only save changes to that POL file and will not integrate them into the local GPO. To restore policies from a POL file, use Import POL while the local GPO is the current policy resource. Also note that a Not Configured policy state in a POL is the absence of any setting, so Not Configured can never overwrite any other state. (Import Semantic Policy can set a policy to Not Configured, though.)

Hopefully this clears up some things. I'll see about some improvements to the export features.

Fleex255 avatar May 18 '18 00:05 Fleex255

Thanks. It confirms what I thought. Keep comments would be great because I use them to organize my policies.

Fred-Vatin avatar May 18 '18 02:05 Fred-Vatin

How to use semantic pol ? Is it planned to export in spol format ?

Fred-Vatin avatar Sep 15 '23 02:09 Fred-Vatin

The original design goal of Semantic Policy was to allow people (even if just myself) answering on Q&A sites to share policy edits in a format that is shorter and more trustable than REG files. I imagined copying the Semantic Policy Fragment from each required setting and pasting it into the post editor as I go. To facilitate applying changes to several computers, I would instead paste into a text file.

Automatically exporting in SPOL format would be nice and I'd like to add it at some point, but it's not currently a top priority.

Fleex255 avatar Oct 21 '23 18:10 Fleex255

Ben, Keep up the good work; your product has really helped me manage an increasingly unwieldy OS.

Don Mohr

On Saturday, October 21, 2023 at 11:12:27 AM PDT, Ben Nordick ***@***.***> wrote:

The original design goal of Semantic Policy was to allow people (even if just myself) answering on Q&A sites to share policy edits in a format that is shorter and more trustable than REG files. I imagined copying the Semantic Policy Fragment from each required setting and pasting it into the post editor as I go. To facilitate applying changes to several computers, I would instead paste into a text file.

Automatically exporting in SPOL format would be nice and I'd like to add it at some point, but it's not currently a top priority.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.Message ID: @.***>

SonnyMD avatar Oct 24 '23 18:10 SonnyMD

Would be very nice if you could open a POL file, edited it and clicked some "apply" button for a specific setting or for the whole file to apply it to the system GPO instead of having to save the file, reopen Local GPO and import the file

eugenesvk avatar Mar 27 '24 09:03 eugenesvk