How to Backup and Restore Local Group Policy Editor Settings in Windows 11

How to Backup and Restore Local Group Policy Editor Settings in Windows 11 blog banner image

This guide provides detailed instructions on how to backup and restore Local Group Policy Editor settings in Windows 11. It includes instructions on how to back up Local Group Policy manually, as well as how to script and automate the process.

Local Group Policy in Windows 11 is a powerful tool for managing Windows devices (whether it’s customizing your own, or providing tech support for others). Being able to readily back up and restore Group Policy settings makes it easier to roll back changes, or duplicate Group Policy to another PC.

Group Policy in Windows

Group Policy, an administrative feature of Windows operating systems (Pro, Enterprise, and Server versions). It provides tools for the centralized configuration of user and system settings on Windows devices, and the ability to configure supported third-party applications. Group Policy is used by system administrators to manage security policies, network configuration, user permissions, and user profiles.

A Group Policy contains what is known as Group Policy Objects (GPOs), and each of these GPOs contains the configuration options that change the configured behavior of the associated application or operating system feature. GPOs defined as a Computer Configuration only apply to the Windows device they target (affecting users who log into that machine), whereas a User Configuration will apply to a single user account and apply to any Windows device they log into with that account for the duration of their session.

There are two types of Windows Group Policy GPOs:

  • Local Group Policy: The Local group policy applies solely to the single Windows PC they are directly configured on.
  • Group Policy in Active Directory: GPOs developed in a Windows Active Directory domain are defined based on organizational units (OU), which can target devices or users based on defined groups. Active Directory is designed for managing enterprise networks, and is usually not deployed for home use.

When managing Group Policy in Windows, it’s worth noting that in the case of a conflict, the most restrictive policy takes precedence, and domain Group Policy Objects from Group Policy in Active Directory always overrule Local Group Policy Objects.

Where are Local Group Policy Editor settings located in Windows 11?

In both Windows 11 and Windows 10, Local Group Policy Editor settings are stored at the following locations:

  • Computer Configuration is stored at %SystemRoot%\System32\GroupPolicy\Machine
  • User Configuration is stored at %SystemRoot%\System32\GroupPolicy\User
  • Group Policy Objects targeting specific users or groups is stored at %SystemRoot%\System32\GroupPolicyUsers

Note that Local Group Policy is not available on Windows 11 and Windows 10 Home — these directories may exist, but backing up and restoring GPOs will have no effect.

How to backup Local Group Policy Editor settings

To backup Local Group Policy in Windows, follow these steps:

  • Make sure that you have enabled show hidden files and folders in Windows Explorer
  • Right click on Start and click Run
  • In the Run dialog, copy and paste the path to the local Group Policy Objects you wish to back up (Computer Configuration, User Configuration, or GPOs for specific users/groups) from the list found above
  • Select all the files and folders in the directory by pressing Ctrl + A
  • Right-click and copy the contents of the folder into a new folder on an external USB or network drive, or to cloud storage

Restoring Local Group Policy Editor settings

To restore Group Policy settings in Windows 11:

  • Make sure that you have enabled show hidden files and folders in Windows Explorer
  • Right-click on the Start button and click Run
  • In the Run dialog, copy and paste the path to the local Group Policy Objects you wish to restore to (Computer Configuration, User Configuration, or GPOs for specific users/groups) from the list above
  • In a separate Explorer window, navigate to the folder you originally copied your backups to
  • Select all the files and folders in the directory by pressing Ctrl + A
  • Right-click and copy the contents of the folder and paste them into the folder path they were originally backed up from
  • Open the command prompt or PowerShell and run gpupdate /force

Once you have restored your Group Policy Settings, you should verify that they have taken effect.

Use cases for backing up and restoring Group Policy settings

There are several common use cases for backing up Local Group Policy Editor settings on Windows:

  • Migrating to a new PC (or deploying the same policies to multiple PCs): Rather than manually re-creating each Group Policy Object to configure a new PC, you can simply export them from your existing device, and then import them.
  • Troubleshooting or rolling back after a failed change: If you make major changes to your group policies that don’t work as intended, you can roll them all back by restoring a backup, rather than having to find and manually undo each individual change.
  • System repair and maintenance: Rolling back the unintentional changes made by end-users is a common task for system administrators, and having backups that can be quickly restored can save a lot of time.

Automate the Group Policy Backup Process with LGPO

LGPO is a Local Group Policy backup tool provided by Microsoft. It is a command-line utility, so it’s perfect for automating the backup and restoration process. LGPO can be downloaded as part of the Microsoft Security Compliance Toolkit here.

Once you’ve downloaded and extracted LGPO, copy and paste the file LGPO.exe to the path C:\Windows\System32 — this will make the application available as a global command on your system, so it can be run from anywhere.

Now that LGPO is installed, you can use it to create a backup by running the following command in the command prompt or PowerShell:

LGPO.exe /b “PATH_TO_BACKUP_DIRECTORY”

Be sure to replace PATH_TO_BACKUP_DIRECTORY with the location of the folder you wish to store your backups in (for example, D:\my_group_policy_backups). Note that within the backup directory, the actual backup files will be in a folder with a unique ID (a random looking string of characters and dashes) — you’ll need to be aware of this when restoring the backup.

As this method uses the command line, it can be automated using PowerShell and scheduled using the Windows Task Scheduler.

To restore your Local Group Policy Editor backups, run:

LGPO.exe /g “PATH_TO_BACKUP_DIRECTORY/UNIQUE_ID”

Note that you’ll need to provide the full path to the backup directory, including the uniquely named directory created for that specific backup.

Best practices and troubleshooting

There are a few further things you should keep in mind when importing and exporting Group Policy Editor settings in Windows.

If you’re regularly changing your Local Group Policy settings, you should automate and schedule the backup process so you always have an up-to-date backup stored on a separate device or in the cloud. You can also export and import specific policies by only copying those directories to your backup folder, allowing you to backup or restore policies individually.

Importantly, it is not advisable to restore Group Policy Settings from a different version of Windows due to differences between operating system versions. Restoring from a different version of Windows, or importing corrupted Group Policy files, can lead to unintended behavior or an unstable system. If your PC is not behaving as expected after restoring from a Group Policy backup, restore your whole PC from a full system backup and recreate the policies manually.

Managing Windows Group Policy in an enterprise environment

Using Local Group Policy to manage more than a few Windows devices is cumbersome. This is why system administrators for even small businesses deploy Windows Domains, including Group Policy in Active Directory, to centrally manage user and device configurations. Backing up and restoring Group Policy Editor settings can then be done as part of routine backups on the server, rather than per-device.

Windows domains with Active Directory are the industry standard for centrally managing users and configuring Windows devices. It includes management and security tools (including identity and access management, firewalls, and anti-malware) to manage access and protect assets. Furthermore, you can improve the security and resiliency of your enterprise networks with the implementation of remote monitoring and management. This is vital for organizations that also deploy Apple and Android devices (in addition to their Windows PCs) as it provides a comprehensive, cross-platform monitoring and management solution for all of your devices.

NinjaOne is a powerful endpoint management solution with a unified interface for deploying and maintaining Windows 11 devices. It integrates with endpoint protection and helps you oversee group policies for hundreds or thousands of users, as well as centrally manage the backup process for your servers, workstations, and mobile devices.

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about Ninja Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).