• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 527
  • Last Modified:

Disabling a Local Group Policy Setting

Can someone please help with group policy:

Is there a script out there that will disable a LOCAL group policy setting on all computers in a domain.   I would like to uncheck/disable the setting "Enable Automatic Configuration" found in \User Configuration\Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browswer Configuration.

The reason for this is that we are going away from using the Auto-Config URL(.ins file) found on the local group policy on our clients and using the Domain Group Policy to configure our IE Settings.  The problem we are having is that the clients are not grabbing the Automatic Browswer Configuration settings from the Domain group policy.  The local group policy for that settings is taking precedence.  In the domain group policy, the "Enable Automatic Configuration" is left unchecked, which is what we would like to implement.

We are running Win 2003 Active Directory with Windows XP SP1 and SP2 clients.  If someone has a solution, please help. Thanks!
0
Rich22
Asked:
Rich22
  • 4
  • 2
1 Solution
 
KenneniahCommented:
If you want to wipe out all local group policies, use a script to delete the registry.pol files in C:\WINDOWS\system32\GroupPolicy\User and C:\WINDOWS\system32\GroupPolicy\Machine, and the install.ins file in C:\WINDOWS\system32\GroupPolicy\User\MICROSOFT\IEAK.

For just things found in User Configuration|Windows Settings|Internet Explorer just deleting the install.ins file would be sufficient.

After deletion, either have it run "gpupdate /force" or reboot the computer. Some policies might not actually get removed until a reboot or logoff/logon, but most should take affect after the gupdate.
0
 
Rich22Author Commented:
Removing all files removed the local group policy settings.  However the .INS file still exists in IE.  Also when I run a the Group Policy Results wizard, I still see Local group Policy settings applied.
0
 
KenneniahCommented:
How did you apply the original settings in the first place? Did you run gpedit on all the computers manually?
And when you say you removed all the files...you mean both registry.pol files (if they existed) and the install.ins in C:\WINDOWS\system32\GroupPolicy\User\MICROSOFT\IEAK?
After deleting the files, did you reboot, or at the very least run gpupdate /force?
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

 
Rich22Author Commented:
All our PCs use an image.  In the image we ran gpedit.msc on the local machine to configure the settings.  We were using the local group policies for a while until 3 weeks ago where we implemented the Domain group policy.
I removed all files that you specified above and ran gpupdate /force as well as reboot.

0
 
KenneniahCommented:
And BTW, removing those files removes group policies created by gpedit. Any policies that were done directly by registry would not be affected, so it depends on how the original Autoconfiguration was added.

Also, this would only remove the policies. If the autoconfiguration script was configured in the user's profile at any time, it might still be in their HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings  "AutoConfigUrl"
and/or it might have been added to....
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "AutoConfigUrl"

Depending on where this exists either use a system start script with....
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigUrl /f

Or a user logon script with.....
reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigUrl /f

Or to be safe use both. They do have to be seperate scripts though, one startup and one logon as a normal user can't delete from HKLM, and HKCU isn't loaded till a user logs in.
0
 
KenneniahCommented:
Ok posted that last before I saw your next post. Mostly likely it's a remnant left in one of the registry keys I mentioned. Which one it would be in would depend on if the "Make Proxy settings per machine rather than per user" policy had ever been set. But to make sure it's removed completely from all, I'd just run both scripts.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now