is there a way known to disable GPO-policies applied to clients without AD- but local admin-rights? I know this topic is not simply specific to Win11 but I did not find any better...... This sentence says it all, I need to stop one registry key (HKLM\SOFTWARE\Policies) from updating pushed through GPOs. Currently, I've made a task for watching for GPO-reapply and then reapply my setting with task-scheduler. This works, but the app instantly disables if GPO is applied and does not recover when setting back the registry. It needs to be manually re-activated. I've been putting alot of energy in this topic, but even setting registry permissions does not work. It think this topic is indeed quite spicy, because of different point of views to it, but I am curious to hear your thoughts about it.....
In general, I disable GPOs with the following: 1. Search in the registry for GPO-Disabled values and set them to 1. Maybe you can control individual GPOs that way, I disable them all. Also, during this step, go one level above and set the value Enabled to 0. Example: Code: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPLink-List\0] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0] "GPO-Disabled"=dword:00000001 Just observe around all these keys and find the obvious values. 2. Search in the registry for GPExtensions and delete the subkeys (in the form of GUIDs) below them. Again, I just rename the key GPExtensions to something like GPExtensions_BACKUP to kill them all at once. This way, I never had a problem of them coming back. But I was never on a domain. GL