Modern Workplace Discussions

Discuss best practices related to Security, Teamwork and Unified Endpoint Management (Microsoft 365).

Visitor 1

Orphaned Registry Entries in GPO

I have a client with orphaned Registry Key entries in their "Default Domain Policy" that is applying registry entries to the workstations. I need to be able to remove these entries; however, when I edit the GPO the option to remove them is not there even though it shows up in the settings summary. There is a central store for the ADM files; however, I did not set this up originally and suspect that the store was not properly updated. I have found an article that states I can remove these entries using PowerShell. I have tried to run the following command but it errors out and states that I cannot find the registry key in the GPO. I am hoping someone can help me with this issue.


Remove-GPRegistryValue -Name "Default Domain Policy" -Key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -ValueName NoDriveTypeAutoRun


It looks like the path is wrong. (The path can be found in the registry.pol file under \sysvol\[GUID]\machine\ as well.) Can you please try to get the GPO's value? If the path is correct, then you should get an output like this.


PS C:\windows\system32> Get-GPRegistryValue -Name "new group policy object" -Key "hkcu\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

KeyPath : Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
FullKeyPath : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Hive : CurrentUser
PolicyState : Set
Value : 1
Type : DWord
ValueName : NoActiveDesktopChanges
HasValue : True
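
One way to find the exact key path before removing anything, as an added example that is not part of the original thread: it walks the GPO's registry settings with Get-GPRegistryValue, looks for the value name from the question under both hives, and previews the removal. The helper name `Get-GpoRegistryTree`, the backup folder and the list of root keys are assumptions.

```powershell
# Added example, not code from the thread. Needs the GroupPolicy module (GPMC/RSAT).
Import-Module GroupPolicy

$GpoName   = 'Default Domain Policy'   # GPO named in the question
$ValueName = 'NoDriveTypeAutoRun'      # value named in the question
$BackupDir = 'C:\GPOBackups'           # assumed folder; must already exist

# Hypothetical helper: recurse through a key stored in the GPO and emit its values.
function Get-GpoRegistryTree {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Key
    )
    # Without -ValueName the cmdlet returns the values under $Key plus one
    # entry per first-level subkey; a key absent from the GPO raises an error.
    $items = Get-GPRegistryValue -Name $Name -Key $Key -ErrorAction SilentlyContinue
    foreach ($item in $items) {
        if ($item.ValueName) {
            $item                                   # a real value: emit it
        } elseif (-not $item.HasValue) {
            # no value name and no data: treated here as a subkey, so descend
            Get-GpoRegistryTree -Name $Name -Key $item.FullKeyPath
        }
    }
}

# Search the computer and user halves of the GPO (root list is an assumption).
$roots = 'HKLM\SOFTWARE', 'HKLM\SYSTEM', 'HKCU\Software'
$hits = foreach ($root in $roots) {
    Get-GpoRegistryTree -Name $GpoName -Key $root |
        Where-Object { $_.ValueName -eq $ValueName }
}

# Show where the value actually lives inside the GPO.
$hits | Format-List FullKeyPath, ValueName, Type, Value, PolicyState

if ($hits) {
    # Keep a restorable copy of the GPO before changing it.
    Backup-GPO -Name $GpoName -Path $BackupDir | Out-Null
    foreach ($hit in $hits) {
        # -WhatIf only previews the removal; drop it once the path is confirmed.
        Remove-GPRegistryValue -Name $GpoName -Key $hit.FullKeyPath `
            -ValueName $hit.ValueName -WhatIf
    }
} else {
    Write-Warning "No '$ValueName' value found under the searched keys in '$GpoName'."
}
```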