REM 4. Import security template (User Rights, Audit, etc.) secedit /configure /db secedit.sdb /cfg C:\PolicyBackup\security.inf /quiet
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v AllowCortana /t REG_DWORD /d 0 /f (User Config > Admin Templates > Windows Components > File Explorer) local group policy editor command line
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoRebootWithLoggedOnUsers /t REG_DWORD /d 1 /f (Computer Config > Admin Templates > Windows Components > Search) export the policy
gpupdate /force && wevtutil qe "Microsoft-Windows-GroupPolicy/Operational" /c:5 /f:text The Local Group Policy Editor’s Security Settings node (Account Policies, Local Policies, Audit Policies, User Rights Assignments) is managed separately via secedit.exe . Common Secedit Commands Export current security policy to an INF file: Admin Templates >
REM 3. Apply additional registry-only policies reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableWindowsUpdateAccess /t REG_DWORD /d 1 /f reg add "HKCU\Control Panel\Desktop" /v MenuShowDelay /t REG_SZ /d 0 /f
REM 5. Force update and log gpupdate /force /logoff
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose First, export the policy, edit the INF file’s [Privilege Rights] section, then re-import: