Solved

How to remove/reset previous GPO settings from computer that is no longer part of the domain

Posted on 2016-11-23
2
55 Views
Last Modified: 2017-01-11
I have a computer that is no longer on the domain. It still have the GPO's from when it was on the domain. I've tried multiple suggestions of
clearing/resetting it but none of them have worked. Below are just a few i've tried:

Delete the "HKLM\Software\Policies\Microsoft" Key (looks like a folder).
Delete the "HKCU\Software\Policies\Microsoft" Key
Delete the "HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects" Key.
Delete the "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" Key.

Delete C:\WINDOWS\security\Database\secedit.sdb
Gpupdate /force /boot

I know it is still hanging on to the previous GPO because we had a setting to display some custom verbiage at the login screen - which is still showing up.
0
Comment
2 Comments
 
LVL 2

Expert Comment

by:Raul Ivan Medina Urista
ID: 41899586
Try with these keys gpupdate /force and restart the computer:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History

Regards
Raúl Medina
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 41899857
Many group policy settings (true "policies") are removed whenever the GPO no longer applies, but then there are preferences which tattoo their settings, and the setting does not revert when the GPO is gone.  To undo these preferences, you have to set the GPO to reverse the setting it previously made.
Here's a couple links which explain the difference between GP policy, preferences, and GP Preferences.
http://blogs.technet.com/b/grouppolicy/archive/2008/03/04/gp-policy-vs-preference-vs-gp-preferences.aspx
https://sdmsoftware.com/gpoguy/whitepapers/understanding-policy-tattooing/

So the answer to your question is "it depends".  There is no one registry key that you can delete to revert all GP settings.  Depending on the setting, it could be anywhere, even something outside the registry.

To try to track it down, you would need to know the exact setting, and then look it up in the GP reference spreadsheet from MS (available as part of the .ADMX files download, and that's assuming that the setting is even part of that).  From there you could see what registry value it sets.  If it's not part of the above, then you'll have to look at the GPO that configures the particular setting you're seeing, and go from there.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
While working, an annoying popup showing below will come and we cannot cancel or close it form the screen. The error message will come again and again.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question