Defeating Group Policies

Posted in Windows XP by Community Submission

(Living large in a locked-down XP world)

 

CAUTION: The following involves editing your registry. The method is not pretty, but it is an effective sledgehammer approach. You must be able to edit your registry in order to perform these tasks.

 

Part I: Prevention

 

The key to defeating group policies is eliminating the ability of the domain to simply re-push the policy back down. I have experimented with several variations and have come up with the following:

 

Altering permissions on the policies key will prevent the domain from being able to push a policy to your machine.

 

The policy key is:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies

 

There will be a Microsoft key and, if you have a group policy distributed, a key referencing your group policy. For our example, let's use a key called CompanyX:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CompanyX

 

Click on the key

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CompanyX\

and remove all values in the right-hand pane. Once you have finished, change the permissions (remove inherited permissions) on the

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CompanyX\

key and set them to Administrators and SYSTEM: DENY ALL.

 

While this will prevent future writes by you, it will also prevent future writes by automatic distribution.
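From the administrator's side, the permission change described in Part I is detectable by auditing the ACLs under the Policies key. The PowerShell script below is an added example, not part of the original article; the function name Test-PolicyKeyAcl and the output fields are hypothetical, and it assumes PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added example: audit registry ACLs under HKLM\SOFTWARE\Policies for deny
# entries against SYSTEM/Administrators and for disabled inheritance.
# Well-known SIDs are used so the check does not depend on the OS language.
$WatchedSids = @{
    'S-1-5-18'     = 'SYSTEM'
    'S-1-5-32-544' = 'BUILTIN\Administrators'
}
$SidType = [System.Security.Principal.SecurityIdentifier]
$Root    = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies'

function Test-PolicyKeyAcl {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$KeyPath,
          [switch]$IsRoot)
    try {
        $acl = Get-Acl -LiteralPath $KeyPath -ErrorAction Stop
    } catch {
        # A deny-all entry can block even reading the ACL; report that too.
        return [pscustomobject]@{ Severity = 'High'; Key = $KeyPath
                                  Finding = 'ACL unreadable'
                                  Detail  = $_.Exception.Message }
    }
    # Some keys ship with a protected DACL, so treat this as "compare with a
    # known-good build" rather than proof of tampering. The root is skipped.
    if ($acl.AreAccessRulesProtected -and -not $IsRoot) {
        [pscustomobject]@{ Severity = 'Review'; Key = $KeyPath
                           Finding = 'Inheritance disabled'
                           Detail  = 'DACL is protected' }
    }
    # Explicit and inherited rules, with identities translated to SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $SidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Deny' -and $WatchedSids.ContainsKey($sid)) {
            [pscustomobject]@{ Severity = 'High'; Key = $KeyPath
                Finding = "Deny ACE for $($WatchedSids[$sid])"
                Detail  = "Rights=$($rule.RegistryRights); Inherited=$($rule.IsInherited)" }
        }
    }
}

$findings = @(Test-PolicyKeyAcl -KeyPath $Root -IsRoot)
$findings += Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-PolicyKeyAcl -KeyPath $_.PSPath }

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'No deny ACEs or protected DACLs found under the Policies key.' }
```

Subkeys beneath a key that denies access cannot be enumerated, so an "ACL unreadable" row marks the top of a subtree that needs manual inspection.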

 

Now on to the clean up…

 

Part II: Clean Up

 

If you have already had a group policy distributed, search your registry for GroupMembership. Once you find it, delete all values except the default value. They start at 0 and go to x. It appears in the registry a few times.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership]

 

Also clear the group policy history:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History]

 

Part III: Undoing Folder Redirection

 

If folder redirection has been enabled, after you complete steps one and two you will have to search the registry to remove any remaining values.

For instance, if folder redirection has been enabled to your home drive, simply search the registry for the value of your home drive path and remove the entries. If the path is H:\redirect, for example, search your registry for H:\redirect and delete it wherever it is present.

 

Once all of the above has been completed, reboot the machine and you are free from group policy distribution.

 

 
