How to: Undo Policy Changes Using Caspol.exe
If a policy change has unwanted side effects or if the change was accidentally made at the wrong security policy level (such as at the machine policy level instead of the user policy level), you can use the Code Access Security Policy tool (Caspol.exe) to recover the last machine, user, or enterprise policy before the change was made.
To undo a policy change
Type the following command at the command prompt:
caspol [-enterprise|-machine|-user|-all] –recover
Specify the policy-level option before the –recover option. If you omit the policy-level option, Caspol.exe undoes the policy change at the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.
The following command undoes the last change to the user policy.
caspol –user -recoverNote
The –recover option only undoes the last change. Caspol.exe does not cache any changes prior to the last change. If you call this option twice, you undo the policy recovery.
See Also
Concepts
Reference
Code Access Security Policy Tool (Caspol.exe)
Other Resources
Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe)