Solved

AD GPO - Only Delete User Configuration Settings

Posted on 2010-09-14
4
562 Views
Last Modified: 2012-08-13
This is probably a simple question, but seeing as I have done multiple searches through google, EE, and my AD books I still cant find an answer.

Is there a way to DELETE (not disable) the User Configuration Settings that were previously setup in a GPO?  I don't want to delete the GP as I have workstation policies that I want to keep, but I just want to get rid of the User settings inside the GPO.  

Again I dont want to use the "Disable User Configuration settings" option, I am looking for the "Delete/Remove User Configuration settings" option.

Thanks for any help.
0
Comment
Question by:nakoz69
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33673023
No, there isn't a way that I know of to either delete or just remove all the user settings.  Even if you remove the GPO there is still the possibility of tattooing on some settings   http://www.gpoguy.com/FAQs/Whitepapers/tabid/63/articleType/ArticleView/articleId/5/Understanding-Policy-Tattooing.aspx
 
Thanks
Mike
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33673162
There is no way - I know you said you didn't want to but you could disble the user config - that would do what you want and also speed up GPO processing as its not trying to read and apply a load of blank settings
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33673264
There is definitely debate about disabling a portion of the GPO for perf gains.  I used to think it would yield good gains until I read Darren's article a few years ago
http://technet.microsoft.com/en-us/magazine/2008.01.gpperf.aspx
 ****from the link****
In addition, disabling the computer or user side of a GPO because it is unused has little effect on policy processing performance. If a policy side is unused, the only overhead will be in querying Active Directory to determine that, and the same query must be performed to view the disable option as the one that occurs to determine whether any CSEs have been implemented for that side of the GPO. The effect of disabling a side is negligible.
****
Thanks
Mike
 
0
 
LVL 17

Expert Comment

by:James Haywood
ID: 33673804
I would do the following

Remove the GPO from the client completely http://support.microsoft.com/kb/313222/en-us & http://cobracommunications.co.uk/2010/09/14/remove-group-polices-from-clients/

Change the GPO by setting all user settings to not-configured

Run gpupdate /force on the client to reapply the new version of the GPO
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question