how to undo a group policy that has been set

  • Thread starter Thread starter Erik Oosterwaal
  • Start date Start date
E

Erik Oosterwaal

Hello all,

I have a difference of opinion with a colleague.
We are currently looking into group policies and the difference of
opinion we have is this:

* If a certain group policy setting for a domainuser (or computer) has
been set to "enabled" and a value has been entered, this will change
the setting for the user and grey out the option for the user. (we
agree on that)

* Now if we were to change back that same policy, to "disabled" or
"not configured", would the set value dissapear and would the involved
setting be usable by the user again?
-OR-
would we have to create some sort of "counter-policy" to accomplish
this?

Another question is what would happen if we delete the policy
alltogether, would this be the same as a policy that has all settings
set to "not configured"?

The reason for the confusion is that "enabled" applies the policy,
"disabled" doesn't apply the policy, and "not configured" leaves the
setting alone.
So does this mean that setting an "enabled" setting to "disabled",
does that give you back the default setting?

The reason I'm asking here and not testing, is we don't want to test
anything that could jeopardise a running server of one of our
customers. Does anyone have a clear explanation?

Thanks a lot.
 
The answer is: it depends. For explicit (fully managed)
Policies, yes. Setting them to "not configured" will have
the effect of a counter-policy, so the setting will become
available to the user again (that is why they are
called "fully managed").
Use the view menu to show "policies that can be fully
managed". You can also identify those as the blue-boxed
policy items. In fact, those are policies that are applied
to the HKCU-HKLM/Software/Policies or HKCU-
HKLM/Software/Microsoft/Windows/CurrentVersion/Policies
subhives. All other policy settings will be displayed with
a red box and are other registry keys. Out of the box
Windows only contains fully managed policies.
 
Ernst said:
The answer is: it depends. For explicit (fully managed)
Policies, yes. Setting them to "not configured" will have
the effect of a counter-policy, so the setting will become
available to the user again (that is why they are
called "fully managed").
Use the view menu to show "policies that can be fully
managed". You can also identify those as the blue-boxed
policy items. In fact, those are policies that are applied
to the HKCU-HKLM/Software/Policies or HKCU-
HKLM/Software/Microsoft/Windows/CurrentVersion/Policies
subhives. All other policy settings will be displayed with
a red box and are other registry keys. Out of the box
Windows only contains fully managed policies.
Click to expand...

Hi Ernst,
Thanks for the answer.
The only point of discussion still open is;
* will the setting revert to its windows default if the policy is set
to "not configured"? Or will it retain the value we gave it in the
first place?
Thanks,
Erik
 
Back
Top