Local GPO take precedence over Domain GPO

mousmoulisKostas 11 Reputation points
2020-10-02T08:29:28.12+00:00

Hello,

I moved a Windows machine WIN8.1 Enterpise from a domain network and moved it in a Workgroup network.

I login to that PC as local Admin now.

When I tried to make some modifications in the local GPO of that machine, I found out that some of the options are greyed out and I cannot modify them. I think that's probably because of the Domain GPO already applied on this machine while it was member of the domain.

Is there any way to have these options available for selection locally and not greyed out?

I mean block Domain GPO applied and have the local GPO applied.

Regards

Kostas

Windows for business | Windows Client for IT Pros | User experience | Other
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Léon Witteveen 1 Reputation point
    2020-10-02T09:04:54.85+00:00

    Hi Kostas,

    This is default behaviour and will not automatically be reversed. Please read this article as one needs to reverse the domain policy actions placed on this (now domain-removed) machine: https://www.thewindowsclub.com/how-to-reset-windows-security-settings-to-its-defaults

    Hope this helps,

    BR, Leon

    0 comments No comments

  2. Anonymous
    2020-10-05T00:53:15.243+00:00

    Hi,

    If you didn't remove the domain GPOs when remove the disjoin the domain, here are 2 ways to clear the domain GPO settings:
    1 way :
    Join to the domain again , and put it into a new OU
    Block inheritance from parent GPOs.
    Define security settings to default value you needed.
    Run gpudate /force on the client computers.
    Check if local security settings is come back to default settings on the client computer.
    Disjoin the client computers.
    The other way
    Delete all group policy registry keys(Before any changes for the registry key, please do the back up )
    For more details you can refer to the following link:
    https://social.technet.microsoft.com/Forums/lync/en-US/a13a51eb-cc15-41dc-8a81-67454bac0cd5/group-policy-security-settings-not-editable-after-removing-client-from-the-domain?forum=winserverGP

    Best Regards,


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.