This is a really interesting one from my 6419B class in May. During our discussion on Group Policy, I was asked a “hacking question,” as it was put. If the user had a copy of their registry before a GPO was applied, can they import that copy and override the GPO?
To test this one out I exported a copy of a client GPO that had a standard user logged in on it and saved it to the desktop. I then created and applied a GPO that removed the Recycle Bin from the desktop. Once applied, the Recycle Bin was removed from the desktop. We then imported the backed-up registry and received this error:
Cannot import C:\Users\adam\Desktop\MyReg.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes.
The GPO held and the registry was unaltered.
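A way to check the same outcome without attempting an import, as an added example that is not part of the original post: this PowerShell script, run as the standard user, lists any access rule on the per-user policy keys that grants that user a write-type right. It assumes the two standard per-user policy locations that registry-based Group Policy settings are written to; it inspects only those two keys (not their subkeys) and does not evaluate Deny rules.

```powershell
# Added example, not from the original post. Run as the standard user under test.
# Reports Allow rules on the per-user policy keys that give the current user,
# or a group SID reported for the user's token, a write-type right.
$policyKeys = @(
    'HKCU:\Software\Policies',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
)

# Rights that would let a .reg import change or replace values under a key.
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

$sidType = [System.Security.Principal.SecurityIdentifier]
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$mySids  = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

$findings = foreach ($key in $policyKeys) {
    if (-not (Test-Path -Path $key)) { continue }   # key absent: nothing to check

    $acl = Get-Acl -Path $key
    # Ask for rules keyed by SID so the comparison does not depend on name lookup.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $granted = [int]($rule.RegistryRights -band $writeRights)
        if ($rule.AccessControlType -eq 'Allow' -and
            $granted -ne 0 -and
            $mySids -contains $rule.IdentityReference.Value) {
            [pscustomobject]@{
                Key       = $key
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if ($findings) {
    Write-Warning "Current user holds write-type rights on a policy key:"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No write-type Allow rule for $($me.Name) on the checked policy keys."
}
```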