How To Clear Group Policy Cache Windows 10
- Home
- Windows
- Windows 10
I removed a laptop out of the domain. In the past when I did so and ran gpupdate /force after rebooting it worked fine. However, and maybe it is just the one policy I was looking at, but in Password policies, it had the domain policy, greyed out, and unable to be changed.
I deleted the following registry keys:
- HKLM\Software\Policies\Microsoft
- HKCU\Software\Policies\Microsoft
- HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
Deleted the %windir%\system32\GroupPolicy Machine and User caches
Ran this in administrative powershell:
Remove-Item "$env:windir\system32\GroupPolicy" -Force -Recurse
- ROM
- CPU
- RAM
- GPU
12 Replies
Depends on the policy. Managed policy is reverted back to original settings when the policy is removed. Unmanaged policies have to be changed back manually.
As well as any GPP settings.
Your best bet would be to do a refresh or reset if it is a Windows 8 + system
Domain join makes a hell load of changes to the GPO and registry that are not reverted back. The only way that works for me completely in such cases is sysprep.
Honestly... just create a new local account and copy over any documents you still need/want then blow away the old profile for the added space. If it were me, I would've just reimaged the entire thing, though.
I actually did make a new local account. The original domain account is not being used. In fact I only copied Documents, Pictures, Downloads, and Desktop. I have removed machines before out of the domain to make a local account and drilling down to Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy in gpedit.msc was never greyed out before.
Something is causing it to be greyed out and since it is now a workstation, and I am local admin, there isn't anything else I can do besides wiping it?
jonweinraub wrote:
I actually did make a new local account. The original domain account is not being used. In fact I only copied Documents, Pictures, Downloads, and Desktop. I have removed machines before out of the domain to make a local account and drilling down to Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy in gpedit.msc was never greyed out before.
Something is causing it to be greyed out and since it is now a workstation, and I am local admin, there isn't anything else I can do besides wiping it?
That is interesting. That should have been released when disjoined. The settings would be the same but you should be able to change them.
Did you launch the MMC as admin? Could it still be joined to Azure AD? Or workplace join?
Does it have or was it managed by inTune ? Does it have the intune client still? Any other MDM?
Justin1250 wrote:
jonweinraub wrote:
I actually did make a new local account. The original domain account is not being used. In fact I only copied Documents, Pictures, Downloads, and Desktop. I have removed machines before out of the domain to make a local account and drilling down to Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy in gpedit.msc was never greyed out before.
Something is causing it to be greyed out and since it is now a workstation, and I am local admin, there isn't anything else I can do besides wiping it?
That is interesting. That should have been released when disjoined. The settings would be the same but you should be able to change them.
Did you launch the MMC as admin? Could it still be joined to Azure AD? Or workplace join?
Does it have or was it managed by inTune ? Does it have the intune client still? Any other MDM?
It was part of a regular domain (non azure). No MMC on the computer. I unjoined domain membership like usual, joined workgroup, "WORKGROUP", rebooted, and ran gpupdate /force and rebooted. I ran as a local admin (not administrator itself, but a local account that has full admin rights) and when i went to gpedit the policy I want to remove was greyed out. I never seen that before. When I did all the above in trying to clear it out, no matter what I did, it remained. I did extensive research on various boards, including this one, and found similar things to do, which none worked for this enduser. I disabled fast logon even, did reboots, did power cycling, etc. I did not try domain rejoin though. The individual is a remote user, but I did unjoin whilst he was on the VPN. He was the fifth remote person I unjoined and none of his predecessors had this issue, hence my befuddlement.
Maybe try applying a default security template to the laptop. Check this older article: https://blogs.technet.microsoft.com/askds/2008/05/28/default-security-templates-in-windows-2008/ even though this is a Windows 10 computer (assumed from the forum posted to). On my own computer I see three deflt*.inf files in %systemroot%\INF (defltbase.inf, defltrdsh.inf, and defltwk.inf). I'd try the "base" or "wk" ones to reset the security settings. You can use secedit since mmc is not available.
Martin
I will check this out soon as I can, apologies for taking so long in replying. Haven't had a chance to reach out to the enduser.
I will check this out soon as I can, apologies for taking so long in replying. Haven't had a chance to reach out to the enduser.
Sorry for taking so long. The enduser came into the office today with the laptop and I was able to do this. This worked fine, however, I was able to reset the policies to how I wanted them, they were still greyed out. In the end, the result is what I want and that is all what matters in the end.
Did you reboot once again after policies reset?
Im looking to reset my windows 10 computer to the default Group Policy they come with. We pushed out originally thru Azure / Intune. Would this script reset it? Remove-Item "$env:windir\system32\GroupPolicy" -Force -Recurse
Any suggestions?
Thanks
This topic has been locked by an administrator and is no longer open for commenting.
To continue this discussion, please ask a new question.
How To Clear Group Policy Cache Windows 10
Source: https://community.spiceworks.com/topic/2186772-how-to-clear-group-policy-settings-after-leaving-the-domain
Posted by: dahlstromwhalke38.blogspot.com
0 Response to "How To Clear Group Policy Cache Windows 10"
Post a Comment