Knowledge - Details
Date Added: 1/18/2017
If you select a GPO and click the Settings tab, you may notice an extra section at the bottom of the Computer Config or User config called Extra Registry Settings. That probably means you have created a GPO using a previous version of an ADMX, but the newer version of the ADMX you're using now no longer has those settings in it. In other words, those are orphaned settings that should probably be removed. One way is to delete the GPO and recreate it. The other way is to use Powershell to remove those specific settings:
1) Get the name of the GPO
2) See if the Extra Registry Setting is in the Computer or the User section. If computer, use HKLM below. If User, use HKCU below.
3) Open powershell and run this command, replacing the GPO's NAME and the HKCU with HKLM if necessary:
Remove-GPRegistryValue -Name My Windows Defender Config GPO -Key HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection -ValueName DisableIntrusionPreventionSystem
4) After removing the setting, you may want to look at the GPO to see if the new ADMX file has given you any new options that you're interested in. Or, you may want to keep that registry setting, but you should put it in a Registry Preference instead of leaving it as an orphaned setting.
Disclaimer: Everything on this website is written for my own use. I disclaim any guarantees that the procedures and advice listed here are accurate, safe, or beneficial for anyone else. If you attempt to follow any procedures or advice shared here, you do it at your own risk. Part of IT work is knowing how to recover from problems.