Solved

blocking group policy locally?

Posted on 2014-09-17
6
181 Views
Last Modified: 2014-09-24
Hello I'm wondering if there is a way   to block group policy locally..I've tried adding filters and to block the computer over domain. But it still is holding onto the lock out media policy I have in place.
0
Comment
Question by:M B
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 

Author Comment

by:M B
ID: 40328660
I have done a gpupdate  /force and restarted
0
 
LVL 6

Expert Comment

by:jacobstewart
ID: 40328825
How is the lock put policy applied?  im assuming its a computer based policy but is it enforced at the domain level or OU level?  If its domain level you will never get around it unless its removed.  

We run OU based policies makes for much easier testing and removal.
0
 

Author Comment

by:M B
ID: 40328887
OU .. the policy has been deleted ..yes computer configuration
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 6

Expert Comment

by:jacobstewart
ID: 40328909
Did you unlink the policy before deleting it?  What were the actions set to on the policy for when the policy was removed? Such as revert or leaves settings as applied?  My guess is that the policy was set to leave the settings rather than revert and was not unlinked prior to removal.

You may be stuck manually changing the settings on your machine that were applied by the policy if it was not removed and defined correctly.  

I would say move your computer to an OU that the policy is not applied to but since the policy has been deleted thats not going to work for you.
0
 
LVL 13

Expert Comment

by:Natty Greg
ID: 40329544
Only can change at the domain level, since the domain policy overrides everything
0
 
LVL 23

Accepted Solution

by:
rhandels earned 500 total points
ID: 40329728
Maybe i'm misinterpreting the question but do you want to block the local policy a user can set by opening the gpedit.msc?? If so, there is no real way to block this policy because the last policy that will be applied is the local policy on a machine. You could block the gpedit.msc off course.

If you mean that you set a policy and want it to be removed than that's a hole different story.
The problem is that some policies are being tattooed into the registry. This means that, if you for example set a policy to be enabled and remove it afterwards (or choose not configured) the setting will not be changed because the policy effectively changed the registry setting. The only option to change the setting is to attach a policy and choose disabled (if the prior selection was enabled). Or try to find the registry setting and import it using a GPO with a preference setting for registry settings.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question