我正在尝试阻止麦克风驱动程序更新,如下所述这里。
但是我使用的是 Windows 10 家庭版。所以默认情况下我没有 gpedit.msc。我安装了它。运行它,我发现Device Installation里面没有菜单Local Computer Policy → Computer Configuration → Administrative Templates → System。
Device Installation我在另一台机器上确实有windows 10 Enterprise。所以我决定将这些设置从企业版导出到家庭版 Windows。我正在使用LGPO 工具为了它。
我使用以下命令成功导出本地组策略设置windows enterprise:
LGPO.exe /b backup_path
但在 Windows Home 上导入失败。我运行
LGPO.exe /g backup_path
并且有:
C:\WINDOWS\system32>LGPO.exe /g C:\Users\Евгений\Downloads\backup\backup
LGPO.exe v2.2 - Local Group Policy Object utility
Audit policy directory exists
Copied C:\Users\
[[[ Security template log file output follows: C:\Users\B7E3~1\AppData\Local\Temp\GPTEE39.tmp ]]]
Completed 1 percent (0/63) Process Privilege Rights area
Completed 3 percent (1/63) Process Privilege Rights area
Completed 4 percent (2/63) Process Privilege Rights area
Completed 6 percent (3/63) Process Privilege Rights area
Completed 7 percent (4/63) Process Privilege Rights area
Completed 9 percent (5/63) Process Privilege Rights area
Completed 11 percent (6/63) Process Privilege Rights area
Completed 12 percent (7/63) Process Privilege Rights area
Completed 14 percent (8/63) Process Privilege Rights area
Completed 15 percent (9/63) Process Privilege Rights area
Completed 17 percent (10/63) Process Privilege Rights area
Completed 19 percent (11/63) Process Privilege Rights area
Completed 20 percent (12/63) Process Privilege Rights area
Completed 22 percent (13/63) Process Privilege Rights area
Completed 23 percent (14/63) Process Privilege Rights area
Completed 25 percent (15/63) Process Privilege Rights area
Completed 25 percent (15/63) Process Group Membership area
Completed 49 percent (30/63) Process Group Membership area
Completed 49 percent (30/63) Process Registry Keys area
Completed 49 percent (30/63) Process File Security area
Completed 49 percent (30/63) Process Services area
Completed 65 percent (40/63) Process Services area
Completed 73 percent (45/63) Process Services area
Completed 73 percent (45/63) Process Security Policy area
Completed 77 percent (48/63) Process Security Policy area
Completed 84 percent (52/63) Process Security Policy area
Completed 88 percent (55/63) Process Security Policy area
Completed 93 percent (58/63) Process Security Policy area
Completed 100 percent (63/63) Process Security Policy area
No mapping between account names and security IDs was done.
The task has completed with an error.
SECEDIT.EXE exited with exit code 1
----------------------------------------------------------------------
如何修复该No mapping between account names and security IDs was done.
错误,或者我应该以其他方式导出/导入本地组策略设置?
答案1
答案2
这并不能完全解决问题。对于家庭版,无论使用 lgpo 还是 Policy Plus 导入,您都需要 ADMX 文件,policy plus 只是简化了这个过程,但它们在本文发布时已经有些过时了(2017 年)。仍然没有任何实质性的东西,我在网上找不到任何信息。如果您编辑 LGPO.exe,则不会抛出任何错误{********-****-****-****-************}\DomainSysvol\GPO\Machine\microsoft\windows nt\SecEdit\GptTmpl.inf并彻底删除“[特权权利]”部分。
这意味着“用户权限分配”是唯一未导入的部分,或者说,导入后未正确映射的部分。删除该部分可消除错误。
在家庭版中,您不会有任何 ADMX 文件可以在 gpedit.msc 下实际看到它们;这是 Policy Plus 的亮点...然而开发人员声称它仅适用于“管理模板”,并且距离支持导入/导出本地 Windows/安全策略(用户权限和安全选项)还有很长的路要走。
如果有人对这个错误代码有任何解决方案,并且可以告诉我们它是否真的很重要,它是否是一个安全威胁,如果 lgpo.exe 跳过导入,或者如果它确实跳过了导入,Windows 是否会在导入/重启时重新映射 ID 本身或其他什么的,我将非常感激听到这个消息。
答案3
没错,Boja。虽然,就我而言,我试图将域策略副本中的设置导入到独立的 Win7 客户端中,但还是出现了同样的错误。但我没有删除整个 [用户权限分配] 部分,只是删除了对域管理员、企业管理员、*S-1-5-32-546(来宾)以及该部分中的任何专有域管理员组的引用,具体来说,删除了以下策略中的引用:
SeDenyBatchLogonRight = SeDenyServiceLogonRight = SeDenyInteractiveLogonRight = SeDenyNetworkLogonRight = SeDenyRemoteInteractiveLogonRight =
一旦我这样做了,LGPO 就会顺利导入 GPO!
LGPO.exe /g 备份路径
希望这能够帮助其他人。
干杯!