Defeating group policies

Part I: Prevention

The key to defeating group policies is eliminating the ability of the domain to simply re-push the policy back down. I have experimented with several variations and have come up with the following:

Altering permissions on the policies key will prevent the domain from being able to push a policy to your machine. The policy key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies

There will be a Microsoft key and, if you have a group policy distributed, a reference to your group policy. For our example, let's use a key called CompanyX:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CompanyX

Click on the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CompanyX\ and remove all values in the right-hand pane.

Once you have finished, change the permissions (remove inherited permissions) on the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\CompanyX\ key and set them to DENY ALL for Administrators and SYSTEM.

While this will prevent future writes by you, it will also prevent future writes by automatic distribution.

Now on to the clean up…

Part II: Clean Up

If you have already had a group policy distributed, search your registry for groupmembership. Once you find it, delete all values except the default value. They start at 0 and go to x. It is in the registry a few times.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership]

Also clear the group policy history:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History]

Part III: Undoing Folder Redirection

If folder redirection has been enabled, after you complete steps one and two you will have to search the registry to remove any remaining values.

For instance, if folder redirection has been enabled to your home drive, simply search the registry for the value of your home drive path and remove the entries. H:\redirect, for example.

Search your registry for H:\redirect and delete it wherever it is present.

Once all of the above has been completed, reboot the machine and you are free from group policy distribution.
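
For administrators who need to find endpoints where the Part I permission change has been made, the following read-only audit is an added example, not part of the original post. It walks HKEY_LOCAL_MACHINE\SOFTWARE\Policies and reports keys carrying Deny entries for SYSTEM or Administrators, keys whose ACL can no longer be read, and keys with inheritance disabled; the function name and the severity labels are this example's own choices.

```powershell
# Added example: read-only audit of HKLM:\SOFTWARE\Policies for blocked policy writes.
# Run from an elevated prompt on the endpoint being checked. Nothing is modified.
$root = 'HKLM:\SOFTWARE\Policies'

# Well-known SIDs (locale-independent): LocalSystem and BUILTIN\Administrators.
$watched = 'S-1-5-18', 'S-1-5-32-544'

function Test-PolicyKeyAcl {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A Deny ALL entry also blocks reading the ACL, so failure is a finding.
        return [pscustomobject]@{ Severity = 'High'; Key = $Path
                                  Finding  = "ACL unreadable: $($_.Exception.Message)" }
    }

    # Disabled inheritance can be legitimate; compare against a known-good baseline.
    if ($acl.AreAccessRulesProtected) {
        [pscustomobject]@{ Severity = 'Info'; Key = $Path; Finding = 'Inheritance disabled' }
    }

    # Resolve identities to SIDs so matching does not depend on display names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Deny' -and
            $watched -contains $rule.IdentityReference.Value) {
            [pscustomobject]@{ Severity = 'High'; Key = $Path
                               Finding  = "Deny $($rule.RegistryRights) for $($rule.IdentityReference.Value)" }
        }
    }
}

# The root key plus every subkey that can still be enumerated.
$keys = @($root) + @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
                     ForEach-Object { $_.PSPath })

$keys | ForEach-Object { Test-PolicyKeyAcl -Path $_ } |
    Sort-Object Severity, Key | Format-Table -AutoSize -Wrap
```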