From what I understand (and have tested) in "What is the difference between Group Policy and Registry Policy processing in Windows?", computers within a domain would have a policy refresh every 90 to 120 minutes. Using this, I have set a GPO that updates the respective registry keys that are desired.

However, I need to do this in a Workgroup setting (i.e. environment without domains) for a single computer. From what I understand, the Local Security Policy cannot have new policies added to it, thus the concept from implementing the solution in a domain setting cannot be applied here.

May I ask how I can implement the "sticking" of registry keys on a single Windows client machine that is not connected to any domain, please?

SamErde
Brian Lee

2 Answers

PowerShell Desired State Configuration (DSC) is sometimes used for this.

Quickstart: Convert Group Policy into DSC
https://docs.microsoft.com/en-us/powershell/scripting/dsc/quickstarts/gpo-quickstart

Greg Askew
  • Thank you so much for this! I didn't convert group policy to DSC, but definitely realised that DSC is very powerful indeed for "fixing" registry values (in my case), to detect changes in them, and also to auto-correct them after just 15 minutes. – Brian Lee Oct 02 '20 at 02:08
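
A DSC configuration for the setup described in the answer and comment above (registry values checked and auto-corrected every 15 minutes on a standalone machine), as an added example that is not code from either poster. The key path, value name and data are constructed placeholders, and it assumes Windows PowerShell 5.1 run elevated with WinRM enabled on the machine.

```powershell
# Added example: pin registry values on a workgroup PC with DSC.
# Key path, value name and data below are constructed placeholders.

# 1. Configure the Local Configuration Manager (LCM) to repair drift,
#    not just log it.
[DSCLocalConfigurationManager()]
Configuration LcmAutoCorrect {
    Node 'localhost' {
        Settings {
            RefreshMode                    = 'Push'                # no pull server needed
            ConfigurationMode              = 'ApplyAndAutoCorrect' # default ApplyAndMonitor only logs drift
            ConfigurationModeFrequencyMins = 15                    # consistency-check interval (default 15)
            RebootNodeIfNeeded             = $false
        }
    }
}

# 2. Declare the registry value that must "stick".
Configuration PinnedRegistry {
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
    Node 'localhost' {
        Registry ExampleSetting {
            Ensure    = 'Present'
            Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleApp'  # placeholder
            ValueName = 'ExampleSetting'                                        # placeholder
            ValueType = 'Dword'
            ValueData = '1'
            Force     = $true
        }
    }
}

# 3. Compile both configurations to MOF and apply them locally.
$out = Join-Path $env:TEMP 'DscPinnedRegistry'
LcmAutoCorrect -OutputPath "$out\Lcm" | Out-Null
PinnedRegistry -OutputPath "$out\Cfg" | Out-Null
Set-DscLocalConfigurationManager -Path "$out\Lcm" -Verbose
Start-DscConfiguration -Path "$out\Cfg" -Wait -Force -Verbose

# 4. Verify the LCM mode and check for drift on demand.
Get-DscLocalConfigurationManager |
    Select-Object ConfigurationMode, ConfigurationModeFrequencyMins
Test-DscConfiguration -Detailed |
    Select-Object InDesiredState, ResourcesNotInDesiredState
```

With `ApplyAndAutoCorrect`, a value changed by hand or by another process is rewritten at the next consistency check; anyone with local administrator rights can still replace or remove the DSC configuration itself.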

You can still create and apply ADMX files (group policy templates) using the local group policy editor on a machine that is not joined to a domain.

See Microsoft's "Understanding ADMX-backed policies" to get started, and then create an ADMX file with your registry settings. As an alternative to creating the ADMX from scratch, you can convert a REG file to ADMX using this script from the TechNet Gallery. A decent walkthrough for creating a new ADMX template can be found on 4Sysops (or other sites).

Once you have your ADMX file, open the local group policy editor, right-click on the Administrative Templates node, and add your new template that contains the registry settings. Note, after doing this, you will see a warning on each new setting (in the GP Editor) about registry setting tattooing. This means that if the policy is ever removed, the registry settings will not revert back to their previous state.

SamErde