Disabling a Local Group Policy Setting

Posted on 2006-05-18
Medium Priority
Last Modified: 2008-01-09
Can someone please help with group policy:

Is there a script out there that will disable a LOCAL group policy setting on all computers in a domain.   I would like to uncheck/disable the setting "Enable Automatic Configuration" found in \User Configuration\Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browswer Configuration.

The reason for this is that we are going away from using the Auto-Config URL(.ins file) found on the local group policy on our clients and using the Domain Group Policy to configure our IE Settings.  The problem we are having is that the clients are not grabbing the Automatic Browswer Configuration settings from the Domain group policy.  The local group policy for that settings is taking precedence.  In the domain group policy, the "Enable Automatic Configuration" is left unchecked, which is what we would like to implement.

We are running Win 2003 Active Directory with Windows XP SP1 and SP2 clients.  If someone has a solution, please help. Thanks!
Question by:Rich22
  • 4
  • 2
LVL 24

Expert Comment

ID: 16712322
If you want to wipe out all local group policies, use a script to delete the registry.pol files in C:\WINDOWS\system32\GroupPolicy\User and C:\WINDOWS\system32\GroupPolicy\Machine, and the install.ins file in C:\WINDOWS\system32\GroupPolicy\User\MICROSOFT\IEAK.

For just things found in User Configuration|Windows Settings|Internet Explorer just deleting the install.ins file would be sufficient.

After deletion, either have it run "gpupdate /force" or reboot the computer. Some policies might not actually get removed until a reboot or logoff/logon, but most should take affect after the gupdate.

Author Comment

ID: 16713320
Removing all files removed the local group policy settings.  However the .INS file still exists in IE.  Also when I run a the Group Policy Results wizard, I still see Local group Policy settings applied.
LVL 24

Expert Comment

ID: 16713555
How did you apply the original settings in the first place? Did you run gpedit on all the computers manually?
And when you say you removed all the files...you mean both registry.pol files (if they existed) and the install.ins in C:\WINDOWS\system32\GroupPolicy\User\MICROSOFT\IEAK?
After deleting the files, did you reboot, or at the very least run gpupdate /force?
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 16713641
All our PCs use an image.  In the image we ran gpedit.msc on the local machine to configure the settings.  We were using the local group policies for a while until 3 weeks ago where we implemented the Domain group policy.
I removed all files that you specified above and ran gpupdate /force as well as reboot.

LVL 24

Accepted Solution

Kenneniah earned 2000 total points
ID: 16713665
And BTW, removing those files removes group policies created by gpedit. Any policies that were done directly by registry would not be affected, so it depends on how the original Autoconfiguration was added.

Also, this would only remove the policies. If the autoconfiguration script was configured in the user's profile at any time, it might still be in their HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings  "AutoConfigUrl"
and/or it might have been added to....
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "AutoConfigUrl"

Depending on where this exists either use a system start script with....
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigUrl /f

Or a user logon script with.....
reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigUrl /f

Or to be safe use both. They do have to be seperate scripts though, one startup and one logon as a normal user can't delete from HKLM, and HKCU isn't loaded till a user logs in.
LVL 24

Expert Comment

ID: 16713692
Ok posted that last before I saw your next post. Mostly likely it's a remnant left in one of the registry keys I mentioned. Which one it would be in would depend on if the "Make Proxy settings per machine rather than per user" policy had ever been set. But to make sure it's removed completely from all, I'd just run both scripts.

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question