Resetting Local Policy back to default
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.group_policy (More info?)
I have about 150 Workstations with customised local polices. Things
like Display a message when CTRL-ALT-DEL is pushed and restrict right
clicking etc. However we've now moved to AD and I want to use Group
Policy to do this. Is there an easy way to reset the default settings
back on the local polices? I've tried the secedit with the /cfg switch
but that doesn't do the sections of the Local Policy that I'm
interested in.
I also realise that my GP will overide the Local Policy, but that's
only if the settings are selected, if they are left as "Not Defined"
then the Local Policy will take effect. Hence why I'd like to reset
the local policy.
Whats the best way to do this?
Thanks,
Dan
I have about 150 Workstations with customised local polices. Things
like Display a message when CTRL-ALT-DEL is pushed and restrict right
clicking etc. However we've now moved to AD and I want to use Group
Policy to do this. Is there an easy way to reset the default settings
back on the local polices? I've tried the secedit with the /cfg switch
but that doesn't do the sections of the Local Policy that I'm
interested in.
I also realise that my GP will overide the Local Policy, but that's
only if the settings are selected, if they are left as "Not Defined"
then the Local Policy will take effect. Hence why I'd like to reset
the local policy.
Whats the best way to do this?
Thanks,
Dan
More about : resetting local policy back default
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Does the "Setup Security.inf" file do all of the policy though or just
the security section? I ran the secedit command with the /configure
and the setup security.inf file and it didn't do a lot of the policy
under the user section.
Also, even if I do what you suggest, will it reset the local computer
policy as I'd be running it from a domain policy?
Dan
Does the "Setup Security.inf" file do all of the policy though or just
the security section? I ran the secedit command with the /configure
and the setup security.inf file and it didn't do a lot of the policy
under the user section.
Also, even if I do what you suggest, will it reset the local computer
policy as I'd be running it from a domain policy?
Dan
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Hi,
Dan schrieb:
> I have about 150 Workstations with customised local polices. Things
> like Display a message when CTRL-ALT-DEL is pushed and restrict right
> clicking etc. However we've now moved to AD and I want to use Group
> Policy to do this. Is there an easy way to reset the default settings
> back on the local polices?
Create an OU, place all computer accounts in it.
Create an GPO on this OU and import the "setup security.inf"
security template. This is the template, that MS uses at the
end of installation process.
Perhaps you have to differ between the different OS on your clients,
if there are 2K and XP Clients, just use 2 OUs.
After the first start of the client and the apply of the policy
the security setting on File, Registry, Services and local policy
should be like it was at installation time.
HTH
Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
Hi,
Dan schrieb:
> I have about 150 Workstations with customised local polices. Things
> like Display a message when CTRL-ALT-DEL is pushed and restrict right
> clicking etc. However we've now moved to AD and I want to use Group
> Policy to do this. Is there an easy way to reset the default settings
> back on the local polices?
Create an OU, place all computer accounts in it.
Create an GPO on this OU and import the "setup security.inf"
security template. This is the template, that MS uses at the
end of installation process.
Perhaps you have to differ between the different OS on your clients,
if there are 2K and XP Clients, just use 2 OUs.
After the first start of the client and the apply of the policy
the security setting on File, Registry, Services and local policy
should be like it was at installation time.
HTH
Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Hi,
Dan schrieb:
> Does the "Setup Security.inf" file do all of the policy though or just
> the security section? I ran the secedit command with the /configure
> and the setup security.inf file and it didn't do a lot of the policy
> under the user section.
It only overrides the Security policys back to default. The registry
settings made by gpedit.msc are not reset.
Delete them manually in computer startup script:
%systemroot%\system32\GroupPolicy\User\registry.pol
%systemroot%\system32\GroupPolicy\User\machine.pol
> Also, even if I do what you suggest, will it reset the local computer
> policy as I'd be running it from a domain policy?
No, but it will overrides the settings ...
But if you use a computer startup script with
secedit /configure /db %temp%\temp.db /cfg
"%systemroot%\security\templates\setup security.inf"
resets it.
Tschö
Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
Hi,
Dan schrieb:
> Does the "Setup Security.inf" file do all of the policy though or just
> the security section? I ran the secedit command with the /configure
> and the setup security.inf file and it didn't do a lot of the policy
> under the user section.
It only overrides the Security policys back to default. The registry
settings made by gpedit.msc are not reset.
Delete them manually in computer startup script:
%systemroot%\system32\GroupPolicy\User\registry.pol
%systemroot%\system32\GroupPolicy\User\machine.pol
> Also, even if I do what you suggest, will it reset the local computer
> policy as I'd be running it from a domain policy?
No, but it will overrides the settings ...
But if you use a computer startup script with
secedit /configure /db %temp%\temp.db /cfg
"%systemroot%\security\templates\setup security.inf"
resets it.
Tschö
Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Thanks Mark, deleting the .pol files did the trick.
Thanks Mark, deleting the .pol files did the trick.
Archived from groups: microsoft.public.win2000.group_policy (More info?)
Dan schrieb:
> Thanks Mark, deleting the .pol files did the trick.
your welcome.
Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
Dan schrieb:
> Thanks Mark, deleting the .pol files did the trick.
your welcome.
Mark
--
Mark Heitbrink - MVP Windows Server
Homepage: www.gruppenrichtlinien.de
W2K FAQ : http://w2k-faq.ebend.de
PM: Vorname@Homepage, Versende-Adresse wird nicht abgerufen.
Related ressources:
- ForumHow to set Local Security Policy back to default ?
- ForumHow to Reset Local Security Policy Settings to Default in Windows XP from Safe M
- ForumLocal group policy options missing
- Forumlocal domain password policy
- ForumEditing Local Policy on machine no longer on domain
- ForumDefault Domain Policy
- ForumRemove local group policy windows XP
- ForumHomepage settings through group policy
- ForumPassword Policy mysteriously resetting ....
- ForumGPOs for Local Password Policies
- ForumLocal sec policy prohibits interactive logon
- ForumResetting Default Domain GPO to original state
- ForumLocal policy does not allow interactive login
- ForumLocal Policy Prevents Login Interactively
- ForumLocal Security Policy Will Not Open
- Forumresetting to default
- ForumDefault Domain Controllers Group Policy
- ForumSet default policy
- ForumHow can logged on user reset " Local Settings*.*" back to d..
- ForumParallel and com ports not appearing in device manager
- More resources
!
