Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Clear GPO settings from PC

Status
Not open for further replies.
acford

acford

MIS
Nov 12, 2003
90
0
0
GB
Hi,

So, I want to clear all GPO settings that have every been applied to a machine. This machine has moved OUs and domains a few times... I was under the impression it would just get the GPO settings applied to a specific OU... How do I start from fresh without moved the computer object/user object again?

Must be a command or script or something?!?

Ta
 
Sort by date Sort by votes
You really can't. Some GPO settings make changes that are updated every time the GPO runs. Others make changes that aren't necessary to be changed every time. You could remove all GPOs from the OU that that machine is in, but that doesn't mean the machine is going to go back to "like new, unadulterated" state. You'd have to log every change that every GPO makes, then go through and manually change each setting on the machine back to it's default.

Like I mentioned above - when you remove the machine from an OU, or remove the GPOs from the OU, *SOME* settings may revert. But certainly not all of them.

Pat Richard
Microsoft Exchange MVP
Contributing author The Complete Reference: Microsoft Exchange Server 2007
 
Upvote 0 Downvote
have you tried the 'gpupdate' command to see if it updates the system settings?


ive got users that bounce around to different OU's, but those are just user policy, not a machine, but hey, its worth a try....GL

Gpupdate
Refreshes local Group Policy settings and Group Policy settings that are stored in Active Directory, including security settings. This command supersedes the now obsolete /refreshpolicy option for the secedit command.





Life is not a journey to the grave with the intention
of arriving safely in a pretty and well preserved body,
but rather to skid in broadside, thoroughly used up,
totally worn out, and loudly proclaiming

--"WOW-- What a Ride!"
 
Upvote 0 Downvote
Syntax
gpupdate [/target:{computer | user}] [/force] [/wait:Value] [/logoff] [/boot]

Parameters

/target:{computer | user}
Processes only the Computer settings or the current User settings. By default, both the computer settings and the user settings are processed.

/force
Ignores all processing optimizations and reapplies all settings.

/wait:Value
Number of seconds that policy processing waits to finish. The default is 600 seconds. 0 equals no wait, and -1 equals wait indefinitely.

/logoff
Logs off after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the user logs on, such as user Group Policy Software Installation and Folder Redirection. This option has no effect if there are no extensions called that require the user to log off.

/boot
Restarts the computer after the refresh has completed. This is required for those Group Policy client-side extensions that do not process on a background refresh cycle but that do process when the computer starts up, such as computer Group Policy Software Installation. This option has no effect if there are no extensions called that require the computer to be restarted.

/?
Displays help at the command prompt.


Examples

The following examples show how you can use the gpupdate command:

gpupdate
gpupdate /target:computer
gpupdate /force /wait:100
gpupdate /boot

 
Upvote 0 Downvote
gpupdate /force /boot is ftw.

If you have some really weird gp issues, particularly on low speed wan links you can delete the security file which is located in windows\security which will force the machine back to the stage where it joined a domain. However if you do that make sure you use the above command prior to rebooting/logging of etc or the machine will need to have its computer account reset.
 
Upvote 0 Downvote
I think you are looking to reverse registry tattooing.

There are 4 locations that GPOs are configured on a PC. Log on to the local PC as a local admin and open regedit. You can then delete the Microsoft keys found in the four locations.

HKEY_LOCAL_MACHINE\Software\Policies

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies

HKEY_CURRENT_USER\Software\Policies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies




I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
90
DTGMI
DTGMI
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
82
technome
technome
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
185
goombawaho
goombawaho
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
66
RRankin355
RRankin355
on3mansh0w
  • Locked
  • Question
[HELP] AD GPO not applied unexpectedly
Replies
0
Views
64
on3mansh0w
on3mansh0w

Part and Inventory Search

Sponsor

Back
Top