I run a small computer lab of 10 laptops using Windows 7 x64 Enterprise edition. In order to prevent users from changing the settings, I have created a Group Policy Object that restricts access to the Control Panels, among other things.

When I built the GPO just the way I need it, I found out that I couldn't transfer the object. The new computer simply does not have the permissions to use the object and I haven't been able to figure out a work around. My research suggests that this problem is usually solved by enforcing group policy through use of Server 2008, an option I don't have.

Does anyone know of a way I can transfer Group Policy made on one computer to another without manually rebuilding it?

I think you can copy the contents of c:\Windows\System32\GroupPolicy to each machine. Be sure to show hidden files.

I haven't tried this as I usually use Windows server to setup group policy for multiple machines, but it should work.

I tried this with no success.

I think I might be using the wrong jargon. What I have done is created a Microsoft Common Console Document (.msc) with the Microsoft Management Console and used the Group Policy Object snap in. I have set this to apply to a particular user and then edited the settings under "Administrative Templates".

When I try to open this file on another computer, I get the error "Failed to open the Group Policy Object on this computer. You may not have appropriate rights." The details read, "No mapping between account names and security IDs was done".

The back story to my problem is that I created an image where the .msc file worked. I sysprepped the image before I cloned it which seems to be the problem. Sysprep seems to delete information related to the permission governing access to the file.

Not sure how this works in your situation. Each machine has it's own SID. Not a problem if you use a server and add all the machine names from Active Directory. Basically you are trying to duplicate policies without giving the policy every name and SID of every machine on the network you want to manage.

Here are some troubleshooting tips. http://support.microsoft.com/kb/324383

Not sure how this works in your situation. Each machine has it's own SID. Not a problem if you use a server and add all the machine names from Active Directory. Basically you are trying to duplicate policies without giving the policy every name and SID of every machine on the network you want to manage.

Here are some troubleshooting tips.

http://support.microsoft.com/kb/324383

http://technet.microsoft.com/en-us/library/cc766291(WS.10).aspx