[Post-Setup] best practice to deploy/migrate local security policy?

[TT9tWhD$q]

• host W10 Pro x_64 1909 b18363.657
• target same as host
• NTL 1.9.0.7330 x_64 portable mode

______

Trying to deploy/migrate local security policy through Post-Setup with

secedit /import /db %windir%\security\database\secedit.sdb /cfg %SystemDrive%\secpol\ba.inf

does not pan out - as in once the user is logged in on the target only default is applied.

Is the OS installation routine wiping the imported template after the Post-Setup or something wrong with the code line?

 

[TT9tWhD$q]

added the /log option for the secedit command and the log got created, least the command ran, but the log file turned out empty and the local security template not been applied. I am still not certain whether

%windir%\security\database\secedit.sdb

is the right db to manipulate but from searching the public domain that would seem the db to target.