When you remove a Group Policy (or, in the case of some GPOs, set it to NOT CONFIGURED), you might think that the setting in question is returned to the factory default, but that is not the case.
Take, for example, a client I worked with today who had two Windows Server 2016 machines with a GPO applied to them that disabled the Windows Firewall. When the GPO was removed, the firewall on one of the servers changed to enabled and on the other it changed to disabled. This was confusing to them, because they thought it would return to the default of enabled.
When you remove a Group Policy, or stop it in any way from being applied to a particular computer, the setting reverts to the configuration it had prior to the Group Policy being applied.
Because most settings on corporate computers are not changed manually but only through GPO, when you remove that GPO the setting does go back to the default.
In my client’s case, one of the servers had its firewall manually disabled before the GPO was applied to it, so when the GPO was removed it went back to being disabled.
PRO-TIP: It is always a better idea to unlink a GPO from a particular OU than it is to just delete the GPO altogether, because you might have to revert if things go south. If you are removing one of the features from a large GPO, your best plan of attack is probably to create a new GPO that contains the feature you are changing in the larger GPO, and then you can manage just the feature you are looking for.
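
To see in advance what a server's firewall will fall back to when the GPO stops applying, compare the locally stored profile settings with the ones delivered by Group Policy. The following is an added example, not part of the original post; it assumes the built-in NetSecurity module (`Get-NetFirewallProfile`) is available on the server, and the function name `Get-FirewallRevertPreview` is hypothetical.

```powershell
# Added example: preview the firewall state a server reverts to once the GPO no longer applies.
function Get-FirewallRevertPreview {
    [CmdletBinding()]
    param()

    # PersistentStore = settings configured locally on this computer
    # RSOP            = settings delivered by Group Policy
    # ActiveStore     = effective settings currently enforced
    $local     = Get-NetFirewallProfile -PolicyStore PersistentStore
    $gpo       = Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction SilentlyContinue
    $effective = Get-NetFirewallProfile -PolicyStore ActiveStore

    foreach ($p in $effective) {
        $l = $local | Where-Object { $_.Name -eq $p.Name }
        $g = $gpo   | Where-Object { $_.Name -eq $p.Name }

        # Enabled is True, False or NotConfigured; compare as strings.
        $gpoValue   = if ($g) { "$($g.Enabled)" } else { 'NotConfigured' }
        $localValue = "$($l.Enabled)"
        $gpoManaged = $gpoValue -ne 'NotConfigured'

        [pscustomobject]@{
            Profile              = $p.Name
            EffectiveNow         = "$($p.Enabled)"
            SetByGpo             = $gpoValue
            LocalSetting         = $localValue
            # The local value is what remains when the GPO is unlinked.
            AfterGpoRemoval      = $localValue
            # Flag the case from the article: GPO removed, firewall stays off.
            DisabledAfterRemoval = ($gpoManaged -and $localValue -eq 'False')
        }
    }
}

Get-FirewallRevertPreview | Format-Table -AutoSize
```

Run it on each server before unlinking the GPO; any profile with `DisabledAfterRemoval` set to `True` had its firewall turned off locally and will need to be re-enabled by hand or by another policy.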
1 Comment
Roger Flinch · May 16, 2023 at 5:22 pm
Thanks for this. I thought that GPOs would reset to their factory defaults… I was wrong, but I read your great article first so I did not blow up.