Resetting Local Policy back to default

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have about 150 Workstations with customised local polices. Things
like Display a message when CTRL-ALT-DEL is pushed and restrict right
clicking etc. However we've now moved to AD and I want to use Group
Policy to do this. Is there an easy way to reset the default settings
back on the local polices? I've tried the secedit with the /cfg switch
but that doesn't do the sections of the Local Policy that I'm
interested in.

I also realise that my GP will overide the Local Policy, but that's
only if the settings are selected, if they are left as "Not Defined"
then the Local Policy will take effect. Hence why I'd like to reset
the local policy.

Whats the best way to do this?

Thanks,
Dan
5 answers Last reply
More about resetting local policy back default
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Does the "Setup Security.inf" file do all of the policy though or just
    the security section? I ran the secedit command with the /configure
    and the setup security.inf file and it didn't do a lot of the policy
    under the user section.

    Also, even if I do what you suggest, will it reset the local computer
    policy as I'd be running it from a domain policy?

    Dan
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hi,

    Dan schrieb:
    > I have about 150 Workstations with customised local polices. Things
    > like Display a message when CTRL-ALT-DEL is pushed and restrict right
    > clicking etc. However we've now moved to AD and I want to use Group
    > Policy to do this. Is there an easy way to reset the default settings
    > back on the local polices?

    Create an OU, place all computer accounts in it.
    Create an GPO on this OU and import the "setup security.inf"
    security template. This is the template, that MS uses at the
    end of installation process.

    Perhaps you have to differ between the different OS on your clients,
    if there are 2K and XP Clients, just use 2 OUs.

    After the first start of the client and the apply of the policy
    the security setting on File, Registry, Services and local policy
    should be like it was at installation time.

    HTH
    Mark
    --
    Mark Heitbrink - MVP Windows Server
    Homepage: www.gruppenrichtlinien.de
    W2K FAQ : http://w2k-faq.ebend.de
    PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Hi,

    Dan schrieb:
    > Does the "Setup Security.inf" file do all of the policy though or just
    > the security section? I ran the secedit command with the /configure
    > and the setup security.inf file and it didn't do a lot of the policy
    > under the user section.

    It only overrides the Security policys back to default. The registry
    settings made by gpedit.msc are not reset.

    Delete them manually in computer startup script:
    %systemroot%\system32\GroupPolicy\User\registry.pol
    %systemroot%\system32\GroupPolicy\User\machine.pol

    > Also, even if I do what you suggest, will it reset the local computer
    > policy as I'd be running it from a domain policy?

    No, but it will overrides the settings ...

    But if you use a computer startup script with
    secedit /configure /db %temp%\temp.db /cfg
    "%systemroot%\security\templates\setup security.inf"
    resets it.

    Tschö
    Mark
    --
    Mark Heitbrink - MVP Windows Server
    Homepage: www.gruppenrichtlinien.de
    W2K FAQ : http://w2k-faq.ebend.de
    PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
  4. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Thanks Mark, deleting the .pol files did the trick.
  5. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    Dan schrieb:
    > Thanks Mark, deleting the .pol files did the trick.

    your welcome.

    Mark
    --
    Mark Heitbrink - MVP Windows Server
    Homepage: www.gruppenrichtlinien.de
    W2K FAQ : http://w2k-faq.ebend.de
    PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
Ask a new question

Read More

Policy Default Workstations Microsoft Windows