cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

revert settings from GPO

horst1337
Copper Contributor

‎Apr 27 2021 06:50 AM

‎Apr 27 2021 06:50 AM

revert settings from GPO

Hello,

 

I tried to disable the ability for our RDS terminalserver users to install windows updates respectively I wanted to disable the message about new updates.

So I changed our windows updates GPO for the RDS servers and added the option to "remove access to use all windows update features", because misleading i thougt this setting would only affect default users and NOT the administrators. Sadly the setting also affects the admin users.

 

Then I tryed to change the set GPO setting from "enabled" to "not configured", which did not work.

Then I change the setting to "disabled", which also did not work.

Then I made a completely new GPO and configured the setting in this GPO to "disabled".

RSOP.msc shows, that the new GPO respectively the disabled settings is correctly applied.

 

Regardless the windows update settings are still greyed out with the hint "the option is managed by your organization".

 

 

How can I reset the access to the windows update functionality on the server?

 

 

Thank you

 

Kind regards

 

 

Labels:
7,874 Views
1 Like
8 Replies
Reply
8 Replies
Seshadrr

‎Apr 27 2021 09:44 AM

‎Apr 27 2021 09:44 AM

Re: revert settings from GPO

All GPOs settings are hard-coded with registry , according to your policy settings For users, to Remove access to use all Windows Update features we could edit below registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate
DisableWindowsUpdateAccess

Prevents users from connecting to the Windows Update website.

Range = 1|0

1 = Enabled. All Windows Update features are removed.
0 = Disabled or not configured. All Windows Update features are available

I would suggest with creating a new policy with register hive gpo settings referred to above path by deleting the key for one or two server and place it to all servers based on OU / Domain level
0 Likes
Reply
horst1337

‎Apr 28 2021 12:11 AM

‎Apr 28 2021 12:11 AM

Re: revert settings from GPO

Thank you for the reply.
I tryed the folowing settings:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000000

sadly non of them worked; the server still shows the message "This option is managed by your organization."
0 Likes
Reply
Seshadrr

‎Apr 28 2021 05:56 AM

‎Apr 28 2021 05:56 AM

Re: revert settings from GPO

Please check any of the concerned device as still pointing the backed link using Gplink and GPoption attribute from ADSI edit
0 Likes
Reply
horst1337

‎May 03 2021 06:54 AM

‎May 03 2021 06:54 AM

Re: revert settings from GPO

sorry, I don´t what you exactly mean? what do you want from the ADSI edit?
0 Likes
Reply
Seshadrr

‎May 03 2021 07:29 AM

‎May 03 2021 07:29 AM

Re: revert settings from GPO

Possibilities -I

When any group policies using Group Policy Editor (gpedit.msc), all policies are stored in the following folders:

C:\Windows\System32\GroupPolicy
C:\Windows\System32\GroupPolicyUsers.

To reset or remove all applied group policies, you just need to delete these 2 folders: GroupPolicy and GroupPolicyUsers.
Force the policy

Possibilities-II

The gPLink attribute holds a list of all Group Policy containers linked to the container and a number for each listed Group Policy container, that represents the Enforced (previously known as No Override) and Disabled option settings. The list appears in priority order from lowest to highest priority GPO.
The gPOptions attribute holds an integer value that indicates whether the Block Policy Inheritance option of a domain or OU is enabled (0) or disabled (1).

Navigate to mentioned OU, where the servers reside, and ensure the GPlink option based GUID is still available even after removing the GPO
0 Likes
Reply
horst1337

‎May 05 2021 11:02 PM

‎May 05 2021 11:02 PM

Re: revert settings from GPO

thank you for the reply!
I tried option 1 and deleted the GroupPolicy and GroupPolicy-User folder in system32.
after gpupdate /force and some additional reboots the folders still don`t get generated automatically again.
In my oppinion the server does not pull any new GPOs / GPO sesstings from the AD.
0 Likes
Reply
Seshadrr

‎May 06 2021 03:16 AM

‎May 06 2021 03:16 AM

Re: revert settings from GPO

Check any events %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx

I have tested this by deleting all the subfolders from the root folder and event says

Next policy processing for domain\user will be attempted in 102 minutes.
0 Likes
Reply
dhickson50

‎Jul 29 2021 03:22 PM - edited ‎Jul 29 2021 04:09 PM

‎Jul 29 2021 03:22 PM - edited ‎Jul 29 2021 04:09 PM

Re: revert settings from GPO

I have a similar problem. After disabling WSUS server and removing the associated GPO. It seems that the GPO is still active because I am still seeing the message “*Some settings are managed by your organization” on all my DC, servers and Windows 10 clients. I have ran gpresult /h gpreport.html and checked resultant set of policy. I am unable to detect where the GP is still be applied. Any help will be appreciated.

Preview file
63 KB
0 Likes
Reply