blocking group policy locally?

Hello I'm wondering if there is a way   to block group policy locally..I've tried adding filters and to block the computer over domain. But it still is holding onto the lock out media policy I have in place.
M BNetwork SpecialistAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

M BNetwork SpecialistAuthor Commented:
I have done a gpupdate  /force and restarted
0
jacobstewartCommented:
How is the lock put policy applied?  im assuming its a computer based policy but is it enforced at the domain level or OU level?  If its domain level you will never get around it unless its removed.  

We run OU based policies makes for much easier testing and removal.
0
M BNetwork SpecialistAuthor Commented:
OU .. the policy has been deleted ..yes computer configuration
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

jacobstewartCommented:
Did you unlink the policy before deleting it?  What were the actions set to on the policy for when the policy was removed? Such as revert or leaves settings as applied?  My guess is that the policy was set to leave the settings rather than revert and was not unlinked prior to removal.

You may be stuck manually changing the settings on your machine that were applied by the policy if it was not removed and defined correctly.  

I would say move your computer to an OU that the policy is not applied to but since the policy has been deleted thats not going to work for you.
0
Natty GregIn Theory (IT)Commented:
Only can change at the domain level, since the domain policy overrides everything
0
rhandelsCommented:
Maybe i'm misinterpreting the question but do you want to block the local policy a user can set by opening the gpedit.msc?? If so, there is no real way to block this policy because the last policy that will be applied is the local policy on a machine. You could block the gpedit.msc off course.

If you mean that you set a policy and want it to be removed than that's a hole different story.
The problem is that some policies are being tattooed into the registry. This means that, if you for example set a policy to be enabled and remove it afterwards (or choose not configured) the setting will not be changed because the policy effectively changed the registry setting. The only option to change the setting is to attach a policy and choose disabled (if the prior selection was enabled). Or try to find the registry setting and import it using a GPO with a preference setting for registry settings.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.