Resetting Local Policy back to default

Dan · Sep 13, 2005

I have about 150 Workstations with customised local polices. Things
like Display a message when CTRL-ALT-DEL is pushed and restrict right
clicking etc. However we've now moved to AD and I want to use Group
Policy to do this. Is there an easy way to reset the default settings
back on the local polices? I've tried the secedit with the /cfg switch
but that doesn't do the sections of the Local Policy that I'm
interested in.

I also realise that my GP will overide the Local Policy, but that's
only if the settings are selected, if they are left as "Not Defined"
then the Local Policy will take effect. Hence why I'd like to reset
the local policy.

Whats the best way to do this?

Thanks,
Dan

Mark Heitbrink [MVP] · Sep 14, 2005

Hi,

I have about 150 Workstations with customised local polices. Things
like Display a message when CTRL-ALT-DEL is pushed and restrict right
clicking etc. However we've now moved to AD and I want to use Group
Policy to do this. Is there an easy way to reset the default settings
back on the local polices?

Create an OU, place all computer accounts in it.
Create an GPO on this OU and import the "setup security.inf"
security template. This is the template, that MS uses at the
end of installation process.

Perhaps you have to differ between the different OS on your clients,
if there are 2K and XP Clients, just use 2 OUs.

After the first start of the client and the apply of the policy
the security setting on File, Registry, Services and local policy
should be like it was at installation time.

HTH
Mark

Dan · Sep 14, 2005

Does the "Setup Security.inf" file do all of the policy though or just
the security section? I ran the secedit command with the /configure
and the setup security.inf file and it didn't do a lot of the policy
under the user section.

Also, even if I do what you suggest, will it reset the local computer
policy as I'd be running it from a domain policy?

Dan

Mark Heitbrink [MVP] · Sep 14, 2005

Hi,

Does the "Setup Security.inf" file do all of the policy though or just
the security section? I ran the secedit command with the /configure
and the setup security.inf file and it didn't do a lot of the policy
under the user section.

It only overrides the Security policys back to default. The registry
settings made by gpedit.msc are not reset.

Delete them manually in computer startup script:
%systemroot%\system32\GroupPolicy\User\registry.pol
%systemroot%\system32\GroupPolicy\User\machine.pol

Also, even if I do what you suggest, will it reset the local computer
policy as I'd be running it from a domain policy?

No, but it will overrides the settings ...

But if you use a computer startup script with
secedit /configure /db %temp%\temp.db /cfg
"%systemroot%\security\templates\setup security.inf"
resets it.

Tschö
Mark

Dan · Sep 16, 2005

Thanks Mark, deleting the .pol files did the trick.

Mark Heitbrink [MVP] · Sep 17, 2005

Dan said:
Thanks Mark, deleting the .pol files did the trick.

your welcome.

Mark

Resetting Local Policy back to default

Dan

Mark Heitbrink [MVP]

Dan

Mark Heitbrink [MVP]

Dan

Mark Heitbrink [MVP]