Solved

How to remove/reset previous GPO settings from computer that is no longer part of the domain

Posted on 2016-11-23
2
72 Views
Last Modified: 2017-01-11
I have a computer that is no longer on the domain. It still have the GPO's from when it was on the domain. I've tried multiple suggestions of
clearing/resetting it but none of them have worked. Below are just a few i've tried:

Delete the "HKLM\Software\Policies\Microsoft" Key (looks like a folder).
Delete the "HKCU\Software\Policies\Microsoft" Key
Delete the "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" Key.
Delete the "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" Key.

Delete C:\WINDOWS\security\Database\secedit.sdb
Gpupdate /force /boot

I know it is still hanging on to the previous GPO because we had a setting to display some custom verbiage at the login screen - which is still showing up.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Expert Comment

by:Raul Ivan Medina Urista
ID: 41899586
Try with these keys gpupdate /force and restart the computer:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History

Regards
Raúl Medina
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 41899857
Many group policy settings (true "policies") are removed whenever the GPO no longer applies, but then there are preferences which tattoo their settings, and the setting does not revert when the GPO is gone.  To undo these preferences, you have to set the GPO to reverse the setting it previously made.
Here's a couple links which explain the difference between GP policy, preferences, and GP Preferences.
http://blogs.technet.com/b/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx
https://sdmsoftware.com/gpoguy/whitepapers/understanding-policy-tattooing/

So the answer to your question is "it depends".  There is no one registry key that you can delete to revert all GP settings.  Depending on the setting, it could be anywhere, even something outside the registry.

To try to track it down, you would need to know the exact setting, and then look it up in the GP reference spreadsheet from MS (available as part of the .ADMX files download, and that's assuming that the setting is even part of that).  From there you could see what registry value it sets.  If it's not part of the above, then you'll have to look at the GPO that configures the particular setting you're seeing, and go from there.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question