[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 96
  • Last Modified:

How to remove/reset previous GPO settings from computer that is no longer part of the domain

I have a computer that is no longer on the domain. It still have the GPO's from when it was on the domain. I've tried multiple suggestions of
clearing/resetting it but none of them have worked. Below are just a few i've tried:

Delete the "HKLM\Software\Policies\Microsoft" Key (looks like a folder).
Delete the "HKCU\Software\Policies\Microsoft" Key
Delete the "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" Key.
Delete the "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" Key.

Delete C:\WINDOWS\security\Database\secedit.sdb
Gpupdate /force /boot

I know it is still hanging on to the previous GPO because we had a setting to display some custom verbiage at the login screen - which is still showing up.
0
Health Payment Systems
Asked:
Health Payment Systems
1 Solution
 
Raul Ivan Medina UristaServer AdministratorCommented:
Try with these keys gpupdate /force and restart the computer:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History

Regards
Raúl Medina
0
 
footechCommented:
Many group policy settings (true "policies") are removed whenever the GPO no longer applies, but then there are preferences which tattoo their settings, and the setting does not revert when the GPO is gone.  To undo these preferences, you have to set the GPO to reverse the setting it previously made.
Here's a couple links which explain the difference between GP policy, preferences, and GP Preferences.
http://blogs.technet.com/b/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx
https://sdmsoftware.com/gpoguy/whitepapers/understanding-policy-tattooing/

So the answer to your question is "it depends".  There is no one registry key that you can delete to revert all GP settings.  Depending on the setting, it could be anywhere, even something outside the registry.

To try to track it down, you would need to know the exact setting, and then look it up in the GP reference spreadsheet from MS (available as part of the .ADMX files download, and that's assuming that the setting is even part of that).  From there you could see what registry value it sets.  If it's not part of the above, then you'll have to look at the GPO that configures the particular setting you're seeing, and go from there.
0

Featured Post

2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

Tackle projects and never again get stuck behind a technical roadblock.
Join Now