How to Reset the Local Group Policies Using Gpedit.

msc
Console
This method involves using the GUI of the local Group Policy Editor console (gpedit.msc) to disable
all configured policies. The graphical local GPO editor is available only in Pro, Enterprise and
Education Windows editions.

Run the gpedit.msc snap-in and go to the All Settings section (Local Computer Policy ->
Computer Configuration – > Administrative templates). This section contains a list of all
policies available for configuration in the local administrative templates. Sort policies by the State
column and find all active policies (Disabled or Enabled state). Turn off all or some of them by
switching them to the Not configured state.

Do the same steps in the User Configuration section. Thus, you can turn off all the settings of the
administrative GPO templates.
Tip. A list of all applied local and domain policy settings in a convenient html report can be obtained
with the built-in GPResult utility using the command:
gpresult /h c:\PS\GPRreport.html

The above method of resetting group policies in Windows is suitable for the simplest cases.
Incorrect configuration of the Group Policies can result in more serious problems, like inability to
start gpedit.msc snap-in or even all programs, the loss of the administrator privileges, or a restrict to
local logon. Let’s consider these cases in more detail.

Reset all Local Group Policies Settings to Default from

Command Prompt
This section describes how to forcefully reset all current Group Policy settings in Windows. However,
first we will describe some of the principles of the operation of administrative group policy templates
in Windows.

1
 The architecture of the group policy is based on special Registry.pol files. These files store registry
settings that correspond to the configured group policy settings. User and Computer policies are
stored in different Registry.pol files.
 The computer settings (Computer Configuration section) are stored in
%SystemRoot%\System32\ GroupPolicy\Machine\registry.pol
 The user settings (User Configuration section) are stored in %SystemRoot%\System32\
GroupPolicy\User\registry.pol

During the startup, the system imports the contents of \Machine\Registry.pol to the system
registry key HKEY_LOCAL_MACHINE (HKLM). The contents of the file \User\Registry.pol are
imported to the HKEY_CURRENT_USER (HKCU) when a user logs on to the system.
The Local Group Policy Editor when started, loads the contents of these files and shows it in a user-
friendly graphical way. When you close the GPO editor, the changes you make are written to the
Registry.pol files. After updating the group policies (using the gpupdate /force command or on a
schedule), the new settings fall into the registry.
Tip. To change the Registry.pol files, it’s worth to use only the GPO editor console. It is not
recommended to edit Registry.pol files manually or using the older versions of GPO Editor!
To reset all current settings of the local group policies, you must delete the Registry.pol files in the
GroupPolicy directory. You can do it with the following commands, run them in the command
prompt with the administrator privileges:

RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
RD /S /Q "%WinDir%\System32\GroupPolicy"
After that, you need to update the policy settings in the registry:

gpupdate /force

2
 These commands will reset all local group policy settings in the Computer Configuration and User
Configuration sections.

Open the gpedit.msc and make sure that all policies are in the Not Configured state. After running
the gpedit.msc console, deleted folders will be created automatically with the default settings.

How to Reset Local Security Policies in Windows

Local security policies are configured in a separate mmc console – secpol.msc. If the problems
with the computer are caused by “tightening the screws” in the local security settings and the user
has retained the access to the system and the administrative privileges, first, it’s better to reset the
security settings to the default values. To do it, under the administrator run the following command:
 In Windows 10, Windows 8.1/8 and Windows 7: secedit /configure /cfg
%windir%\inf\defltbase.inf /db defltbase.sdb /verbose
 In Windows XP: secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb
/verbose

After that restart the computer.

3
 In the event that problems with security policies still exist, try manually renaming the checkpoint file
of the local security policy database %windir%\security\database\edb.chk.

ren %windir%\security\database\edb.chk edb_old.chk

Run the command:

gpupdate /force
Restart Windows:
Shutdown –f –r –t 0

How to reset local policies if you can’t log in to Windows

If it is impossible to log in to the system locally or you can’t run the command line (e. g., apps are
locked with Applocker), you can delete Registry.pol files when booted from any Windows installation
disk or a LiveCD.

 Boot from any Windows installation media and run the command prompt (Shift+F10)
 Run the command:

1
diskpart

 Then display the list of volumes in the system:

1
list volume

 In this case, the letter assigned to the system disk corresponds to the letter of the system – C:\.
However, sometimes these can be different. So the following commands have to be run in the
context of your system disk (e. g., D:\ or C:\)

 Close diskpart:

1
exit

4
 Run the following commands one by

one:
1

RD /S /Q C:\Windows\System32\GroupPolicy
2
RD /S /Q C:\Windows\System32\GroupPolicyUsers

 Restart the computer in the normal mode and make sure that the local group policies settings are
reset to their default values.

Reset applied Domain GPO settings

A few words about domain Group Policies. In the event that the computer is included in an Active
Directory domain, some of its settings can be managed by a domain administrator through domain-
based GPOs.

The registry.pol files of all applied domain group policies are stored in the
directory%windir%\System32\GroupPolicy\DataStore\0\SysVol\contoso.com\Policies.
Each policy is stored in a separate folder with the GUID of the domain policy.

5
 These registry.pol files correspond to the following registry keys:

 HKLM\Software\Policies\Microsoft
 HKCU\Software\Policies\Microsoft
 HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
The versions history of the applied domain policies that have been used on the client is in the
following branches:

 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\
 HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\
If you remove a computer from the domain, the registry.pol files of domain policies on the computer
will be deleted and, accordingly, won’t be loaded to the registry.

If you need to force remove the domain GPO settings, you need to clean the
%windir%\System32\GroupPolicy\DataStore\0\SysVol\contoso.com\Policies directory and delete the
specified registry keys (it is strongly recommended that you back up the deleted files and registry
entries !!!) . Then run the command:
gpupdate /force /boot
Tip. This method allows to reset all local GPO settings in all supported Windows versions. All
settings made with the Group Policy Editor will reset. However, the changes made directly into the
registry with the registry editor, REG files or in any other way are not canceled