Sign in with
Sign up | Sign in
Your question

Resetting Local Policy back to default

Last response: in Windows 2000/NT
Share
September 13, 2005 2:01:58 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have about 150 Workstations with customised local polices. Things
like Display a message when CTRL-ALT-DEL is pushed and restrict right
clicking etc. However we've now moved to AD and I want to use Group
Policy to do this. Is there an easy way to reset the default settings
back on the local polices? I've tried the secedit with the /cfg switch
but that doesn't do the sections of the Local Policy that I'm
interested in.

I also realise that my GP will overide the Local Policy, but that's
only if the settings are selected, if they are left as "Not Defined"
then the Local Policy will take effect. Hence why I'd like to reset
the local policy.

Whats the best way to do this?

Thanks,
Dan
September 14, 2005 8:01:14 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Does the "Setup Security.inf" file do all of the policy though or just
the security section? I ran the secedit command with the /configure
and the setup security.inf file and it didn't do a lot of the policy
under the user section.

Also, even if I do what you suggest, will it reset the local computer
policy as I'd be running it from a domain policy?

Dan
Anonymous
September 14, 2005 3:36:59 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

Dan schrieb:
> I have about 150 Workstations with customised local polices. Things
> like Display a message when CTRL-ALT-DEL is pushed and restrict right
> clicking etc. However we've now moved to AD and I want to use Group
> Policy to do this. Is there an easy way to reset the default settings
> back on the local polices?

Create an OU, place all computer accounts in it.
Create an GPO on this OU and import the "setup security.inf"
security template. This is the template, that MS uses at the
end of installation process.

Perhaps you have to differ between the different OS on your clients,
if there are 2K and XP Clients, just use 2 OUs.

After the first start of the client and the apply of the policy
the security setting on File, Registry, Services and local policy
should be like it was at installation time.

HTH
Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
Related resources
Anonymous
September 14, 2005 5:52:07 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi,

Dan schrieb:
> Does the "Setup Security.inf" file do all of the policy though or just
> the security section? I ran the secedit command with the /configure
> and the setup security.inf file and it didn't do a lot of the policy
> under the user section.

It only overrides the Security policys back to default. The registry
settings made by gpedit.msc are not reset.

Delete them manually in computer startup script:
%systemroot%\system32\GroupPolicy\User\registry.pol
%systemroot%\system32\GroupPolicy\User\machine.pol

> Also, even if I do what you suggest, will it reset the local computer
> policy as I'd be running it from a domain policy?

No, but it will overrides the settings ...

But if you use a computer startup script with
secedit /configure /db %temp%\temp.db /cfg
"%systemroot%\security\templates\setup security.inf"
resets it.

Tschö
Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
September 16, 2005 12:33:53 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks Mark, deleting the .pol files did the trick.
Anonymous
September 17, 2005 3:07:09 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Dan schrieb:
> Thanks Mark, deleting the .pol files did the trick.

your welcome.

Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
!