# Removing group policy



## STAW (May 15, 2008)

I've got a standalone PC that was on a domain briefly, picked up group policy, then was removed and added to a work group. The trouble is, the group policy settings stayed, and a local admin can't touch those settings. RSOP doesn't show the machine as applying any group policies, but they sure are there. I get blocked from applying setup security.inf, or using secedit to reverse. GPUpdate completes instantly with no change. The local System account gets trumped by group policy as well. Anybody have any idea on how to remove group policy from this machine, short of reformatting the hard drive?


----------



## leroys1000 (Aug 16, 2007)

Might try going to start/run and type in gpedit.msc and hit enter.
A lot of stuff in the group policy editor,so you will probably
need to look for want you want.


----------



## STAW (May 15, 2008)

Group policy editor doesn't pull down anything but the local policy, which still blocks me from editting the policies I want. Don't know of any way to point out to a computer that it's not on a domain any more and should be subject to the policy of that domain?


----------



## DoubleHelix (Dec 10, 2004)

Domain policies aren't reversed when a computer is removed from a domain. Thus, there's no way to "tell" a computer it's not on a domain. The policies have already been applied. If they're also applied to the local account, they're machine-level policies, and you're not going to be able to get around them or "clear" them. The computer needs to be reinstalled.


----------



## STAW (May 15, 2008)

That's what I figured. Just hoping that some one had a trick to get around this "security feature" that Microsoft never saw fit to deal with themselves.


----------



## ChadU607 (Sep 2, 2008)

It is possible to remove GPO settings from a computer previously in a domain.. In fact.. if you don't you may get errors pertaining to services.exe causing your computer to shut down...
to do this.. navigate to:

HKLM\Software\microsoft\windows\currentversion\group policy\

you can delete the S-x-x-xx-xxxxxxxx-.... keys..

also, look in the sub folders and delete the S-... there too..

*ChadU607*
*Senior Microsoft Certified IT Professional* 
MCSA 2000 MCSE 2000 MCDBA 2000
MCSA 2003 MCSE 2003
MCTS+MCITP Enterprise Administrator


----------

