Shared Script Library

GitHub Issues LinkedIn

Reset Local Group Policy

PowerShell script to silently backup and reset existing local group policy objects.

Last updated 1 month ago

Overview

This script creates a backup of the files stored in C:\Windows\System32\GroupPolicy and C:\Windows\System32\GroupPolicyUsers. After the backup is created, the script will delete the existing files to reset all locally set Group Policy Objects to "Not Configured".

By default, backups are stored in C:\Backups\Group Policy.

To restore a backup:

Delete contents of C:\Windows\System32\GroupPolicy, if it exists.
Delete contents of C:\Windows\System32\GroupPolicyUsers, if it exists.
Copy the contents of the associated backup folder to C:\Windows\System32.
Run gpupdate /force from an administrative terminal.

Prerequisites: This script has no prerequisites.

Script

Note: This script has no effect on Group Policy Objects applied from Active Directory.

Examples

.\ResetLocalPolicies.ps1

This example creates a backup of the existing local group policy files (if any) and resets them back to "Not Configured".

Parameters

This script has no parameters.

https://github.com/wise-io/scripts/blob/main/scripts/ResetLocalPolicies.ps1

<#
  .SYNOPSIS
    Clears (resets) local group policies.
  .DESCRIPTION
    Clears (resets) local group policies by deleting registry.pol and associated files after creating a backup.
  .EXAMPLE
    ./ResetLocalPolicies.ps1
#>

# Local group policy files
$PolicyFiles = "$env:SystemRoot\System32\GroupPolicy"
$PolicyUserFiles = "$env:SystemRoot\System32\GroupPolicyUsers"

function Backup-Policies {
  # Define variables for policy backups
  $Timestamp = Get-Date -Format 'yyyy-MM-dd HH.mm.ss'
  $BackupDir = "$env:SystemDrive\Backups\Group Policy\$Timestamp"

  Write-Output "`nCreating backups of local group policy files..."
  try {
    if ((Test-Path $PolicyFiles) -or (Test-Path $PolicyUserFiles)) {
      if (Test-Path $PolicyFiles) { Copy-Item -Path $PolicyFiles -Destination $BackupDir -Recurse }
      if (Test-Path $PolicyUserFiles) { Copy-Item -Path $PolicyUserFiles -Destination $BackupDir -Recurse }
      Write-Output "Complete - backups stored at $BackupDir."
    }
    else { Write-Warning 'No existing local group policy files found - backup aborted.' }
  }
  catch {
    Write-Warning 'Error creating backup.'
    Write-Warning $_
    exit 1
  }
}

function Reset-Policies {
  # Clear existing local policies
  Write-Output "`nResetting local policies..."

  try {
    # Clears policy files
    Remove-Item -Path $PolicyFiles -Recurse -Force -ErrorAction Ignore
    Remove-Item -Path $PolicyUserFiles -Recurse -Force -ErrorAction Ignore

    # Apply new policies
    gpupdate /force /wait:0
  }
  catch {
    Write-Warning 'Error resetting local group policies.'
    Write-Warning $_
    exit 1
  }
}

$ErrorActionPreference = 'Stop'
Backup-Policies
Reset-Policies