When .NET Framework 2 Strong Crypro is enabled, it is displayed as Disabled in the GPO settings page. But the settings are made correct in the GPO - so the basic mechanism is correct.

When searching where this could be wrong, I discovered that in the "" for Strong Crypto the last disabled setting has a value of 1 instead of 0.

Brgds Deas

Hi !

Thank you for reporting this bug, indeed it was a typo from my part, this is fixed in the 1.0.21 version.

Glad to see someone using this project in the wild ! :)

Hi, thanks for fixing this so quick! :)

I am glad that someone is doing this work! I used the registry section before for those settings but LGPO.exe is not able to replicate registry keys from an exported domain GPO to standaone servers. This way it will hopefully work, but I was not able to test it so far.

Would be nice if you could implement other security settings currently distributed only by registry "hack" like CWDIllegalInDllSearch.

Brgds Deas

Yeah, LGPO is able to restore standalone registry keys, but only from a PolicyRules file where you'd have manually added them, unfortunately (and it doesn't handle REG_MULTI_SZ values when you import from PolicyRules, it's a known bug).

We already have CWDIllegalInDllSearch in our PolicyRules file so I didn't add it in the ADMX, but i's a good idea. If you have other suggestions, I'm all ears ! :)