GPO related

jennyKim 240 Reputation points

Is there any GPO which cannot be set into disable after disabled it?

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,031 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,182 questions
Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,220 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Khaled Elsayed Mohamed 1,255 Reputation points

    Hi ネパリ サンデャ

    No, it is not accurate to assume that Group Policy Objects (GPOs) that cannot be reverted after enabling them can be determined solely from their description. The ability to revert or undo a GPO change depends on various factors, including the specific settings applied by the GPO, the nature of the change, and the configuration of the affected systems.

    While the description of a GPO can provide insights into its purpose and intended effects, it may not indicate whether the changes made by the GPO are reversible or permanent. The reversibility of a GPO typically depends on the individual settings and their impact on the system or network.

    To determine if a particular GPO change is reversible, it's crucial to understand the settings and policies being modified, as well as the potential implications of those changes. Consulting the documentation or seeking expert advice can help in evaluating the impact and reversibility of specific GPO settings. Additionally, creating backups or snapshots of system configurations before making significant GPO changes can provide a safety net to restore previous settings if needed.

    #Another opinion

    it is important to carefully consider the implications of enabling a GPO before doing so.

    Here are some examples of GPOs that cannot be reverted:

    • GPOs that change the default user profile
    • GPOs that change the default security settings
    • GPOs that install software
    • GPOs that create or delete user accounts
    1 person found this answer helpful.
    0 comments No comments

  2. Khaled Elsayed Mohamed 1,255 Reputation points

    @ネパリ サンデャ

    To delete a Group Policy Object (GPO) that is not visible in the Group Policy Management Console (GPMC) GUI, you can use the PowerShell cmdlets provided by the Group Policy module. Here's a step-by-step guide:

    Open an elevated PowerShell session. Right-click on the PowerShell icon and select "Run as Administrator".

    1. Import the Group Policy module by running the following command:
    Import-Module GroupPolicy

    3-List all the GPOs to identify the GPO you want to delete. Run the following command:

    Get-GPO -All

    This will display a list of all GPOs in the domain, including the hidden ones.

    Identify the GPO you want to delete based on its name or other relevant details.

    1. To delete the GPO, use the Remove-GPO cmdlet followed by the GPO's display name. For example, if the GPO's display name is "Windows XP Settings", you can use the following command:
    Remove-GPO -Name "Windows XP Settings"

    Please ensure that you replace "Windows XP Settings" with the actual display name of the GPO you want to delete.

    Confirm the deletion when prompted.

    1 person found this answer helpful.
    0 comments No comments

  3. Khaled Elsayed Mohamed 1,255 Reputation points

    Hi JK

    In general, Group Policy Objects (GPOs) are designed to be reversible, meaning that settings applied through GPOs can typically be disabled or reverted back to their original state. However, there are some scenarios where certain GPO settings may not revert back to their previous state after they have been disabled. Here are a few examples:

    1. Preferences vs. Policy settings: Group Policy Preferences (GPP) and Group Policy Policy settings (GPPolicy) behave differently in terms of reversibility. GPP settings, such as mapped drives or printer preferences, are typically reversible and will revert back once the GPO is disabled or removed. On the other hand, GPPolicy settings, which are typically found in Administrative Templates, may persist even after the GPO is disabled. This is because GPPolicy settings modify registry values directly, and disabling the GPO does not automatically revert those changes.
    2. Software installation: If you use Group Policy to deploy software installations, the installed software might not be automatically uninstalled when the GPO is disabled or removed. Group Policy-based software installations are typically assigned to computers rather than users, and the software remains installed until explicitly removed or uninstalled.
    3. Registry modifications: Some GPOs modify registry settings to enforce specific configurations. If a GPO modifies registry settings that are not part of a specific policy area, such as Administrative Templates, the changes may persist even after the GPO is disabled. Disabling the GPO does not automatically revert the registry modifications made by the GPO.

    It's important to carefully plan and test GPO changes to understand the potential impact they may have. If you need to revert specific settings or configurations applied by a GPO, you may need to manually reverse the changes by modifying the affected settings or registry values directly.

    Remember to exercise caution when making changes to GPOs, especially if they modify system settings or configurations. Always test GPO changes in a controlled environment before applying them to production systems.