This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 51%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELC%3C/text%3E%3C/svg%3E)
We recently created a GPO to Lock the computer Screens (Windows Server 2019). We wanted to enforce it for some of the groups we have in our AD, but accidently applied it for authenticated users for alittle bit. We removed the apply permissions for authenticated users and set it to read only. Since then the GPO has been applying for everyone(authenticated users). What is the best solution to undo these settings? Also, what are the next steps? Any help works!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
1 = that would likely be a minimum
2 = If you wanted to revert some setting, you'll need to determine what it was before then create a policy for that group to assign this new setting.
--please don't forget to upvote and Accept as answer if the reply is helpful--
@Anonymous Ok I will just try and create a new policy with the computers that got affected and see if that works. Thanks for the info!
Sounds good, you're welcome. Yes, that should do it.
Setting a policy to "Not configured" means you are not configuring any policy, and so the client settings will remain set to whatever they are currently set to. If you wanted to revert the settings back to defaults you may have to determine what those default settings were, and then create a policy to assign those settings, or in some cases deleting the setting from registry changes an object to "Not configured"
--please don't forget to upvote and Accept as answer if the reply is helpful--
@Anonymous We have the policy enabled for the groups we want. But, the authenticated users have read only access. Is this necessary to give them read only? I read online that you have to so it applies to the groups you want to apply the GPO to. But, when we made the GPO the authenticated users had the "apply group policy" checked at first, so it applied to them (we did not notice that it applied to them). Now we want to revert those changes. What is the best way to do it?
Simplest may be to group the ones you want and apply the gpo to that group only.
--please don't forget to upvote and Accept as answer if the reply is helpful--
@Anonymous I agree, but do the authenticated users have to be in the filtering with read only access for the GPO to work?
Now we want to revert those changes. What is the best way to do it?
If you wanted to revert the settings you may have to determine what those default settings were, and then create a policy to assign those settings, or in some cases deleting the setting from registry changes an object to "Not configured"
but do the authenticated users have to be in the filtering with read only access for the GPO to work?
Not sure what this is even in reference too? I'd start a new thread to discuss this one.
@Anonymous I basically have 2 questions.
