Solved

How to remove/reset previous GPO settings from computer that is no longer part of the domain

Posted on 2016-11-23
2
79 Views
Last Modified: 2017-01-11
I have a computer that is no longer on the domain. It still have the GPO's from when it was on the domain. I've tried multiple suggestions of
clearing/resetting it but none of them have worked. Below are just a few i've tried:

Delete the "HKLM\Software\Policies\Microsoft" Key (looks like a folder).
Delete the "HKCU\Software\Policies\Microsoft" Key
Delete the "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" Key.
Delete the "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" Key.

Delete C:\WINDOWS\security\Database\secedit.sdb
Gpupdate /force /boot

I know it is still hanging on to the previous GPO because we had a setting to display some custom verbiage at the login screen - which is still showing up.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 2

Expert Comment

by:Raul Ivan Medina Urista
ID: 41899586
Try with these keys gpupdate /force and restart the computer:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History

Regards
Raúl Medina
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 41899857
Many group policy settings (true "policies") are removed whenever the GPO no longer applies, but then there are preferences which tattoo their settings, and the setting does not revert when the GPO is gone.  To undo these preferences, you have to set the GPO to reverse the setting it previously made.
Here's a couple links which explain the difference between GP policy, preferences, and GP Preferences.
http://blogs.technet.com/b/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx
https://sdmsoftware.com/gpoguy/whitepapers/understanding-policy-tattooing/

So the answer to your question is "it depends".  There is no one registry key that you can delete to revert all GP settings.  Depending on the setting, it could be anywhere, even something outside the registry.

To try to track it down, you would need to know the exact setting, and then look it up in the GP reference spreadsheet from MS (available as part of the .ADMX files download, and that's assuming that the setting is even part of that).  From there you could see what registry value it sets.  If it's not part of the above, then you'll have to look at the GPO that configures the particular setting you're seeing, and go from there.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question