One of my customers requires additional security settings beyond the OMB-mandated Federal Desktop Core Configuration (FDCC) and I need to apply the settings as local policy during the MDT build process so that disconnected systems still get a baseline of policy. So here's the process I used to generate the policy objects and then apply them to the build.
Type: Run Command LineName: Custom Set Audit PolicyCommand Line: cmd /c "%SCRIPTROOT%\CustomSetAuditPolicy-v2.cmd" > C:\Windows\security\logs\CustomSetAuditPolicy.log 2>&1
Type: Run Command LineName: Custom Apply LGPOCommand Line: cmd /c "%SCRIPTROOT%\CustomApplyLGPO-v3.cmd > C:\Windows\security\logs\CustomApplyLGPO.log 2>&1
If anyone can think of an easier/faster way to do any of the above, I welcome your comments.
The GPOAccelerator is no longer available. It has been replaced with Microsoft Security Compliance Manager and the Local Policy Tool, see social.technet.microsoft.com/.../what-happened-to-the-gpo-accelerator.aspx for more details. You can download SCM at technet.microsoft.com/.../cc677002.aspx. If you have more questions feel free to contact me directly our our team's address, email@example.com.