Disabling a Local Group Policy Setting

Posted on 2006-05-18
Last Modified: 2008-01-09
Can someone please help with group policy:

Is there a script out there that will disable a LOCAL group policy setting on all computers in a domain.   I would like to uncheck/disable the setting "Enable Automatic Configuration" found in \User Configuration\Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browswer Configuration.

The reason for this is that we are going away from using the Auto-Config URL(.ins file) found on the local group policy on our clients and using the Domain Group Policy to configure our IE Settings.  The problem we are having is that the clients are not grabbing the Automatic Browswer Configuration settings from the Domain group policy.  The local group policy for that settings is taking precedence.  In the domain group policy, the "Enable Automatic Configuration" is left unchecked, which is what we would like to implement.

We are running Win 2003 Active Directory with Windows XP SP1 and SP2 clients.  If someone has a solution, please help. Thanks!
Question by:Rich22
    LVL 24

    Expert Comment

    If you want to wipe out all local group policies, use a script to delete the registry.pol files in C:\WINDOWS\system32\GroupPolicy\User and C:\WINDOWS\system32\GroupPolicy\Machine, and the install.ins file in C:\WINDOWS\system32\GroupPolicy\User\MICROSOFT\IEAK.

    For just things found in User Configuration|Windows Settings|Internet Explorer just deleting the install.ins file would be sufficient.

    After deletion, either have it run "gpupdate /force" or reboot the computer. Some policies might not actually get removed until a reboot or logoff/logon, but most should take affect after the gupdate.

    Author Comment

    Removing all files removed the local group policy settings.  However the .INS file still exists in IE.  Also when I run a the Group Policy Results wizard, I still see Local group Policy settings applied.
    LVL 24

    Expert Comment

    How did you apply the original settings in the first place? Did you run gpedit on all the computers manually?
    And when you say you removed all the mean both registry.pol files (if they existed) and the install.ins in C:\WINDOWS\system32\GroupPolicy\User\MICROSOFT\IEAK?
    After deleting the files, did you reboot, or at the very least run gpupdate /force?

    Author Comment

    All our PCs use an image.  In the image we ran gpedit.msc on the local machine to configure the settings.  We were using the local group policies for a while until 3 weeks ago where we implemented the Domain group policy.
    I removed all files that you specified above and ran gpupdate /force as well as reboot.

    LVL 24

    Accepted Solution

    And BTW, removing those files removes group policies created by gpedit. Any policies that were done directly by registry would not be affected, so it depends on how the original Autoconfiguration was added.

    Also, this would only remove the policies. If the autoconfiguration script was configured in the user's profile at any time, it might still be in their HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings  "AutoConfigUrl"
    and/or it might have been added to....
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "AutoConfigUrl"

    Depending on where this exists either use a system start script with....
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigUrl /f

    Or a user logon script with.....
    reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigUrl /f

    Or to be safe use both. They do have to be seperate scripts though, one startup and one logon as a normal user can't delete from HKLM, and HKCU isn't loaded till a user logs in.
    LVL 24

    Expert Comment

    Ok posted that last before I saw your next post. Mostly likely it's a remnant left in one of the registry keys I mentioned. Which one it would be in would depend on if the "Make Proxy settings per machine rather than per user" policy had ever been set. But to make sure it's removed completely from all, I'd just run both scripts.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    I wanted to pass this along in case anyone has a problem removing a device from the Device Manager, or if you suspect a corrupted Driver that you want to remove in its entirety. I know it is kinda lengthy and very basic in its format, but I figured …
    Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now