Many of my users have local admin rights to their computers which includes access to the registry. I am concerned that they are getting around my GPO restrictions by hacking the registry. Is there a simple way to prevent them from doing so?


It is true that local admins can skirt your group policy settings by deleting designated registry keys. You can shore up your choosing the GPO settings located in Administrative Templates which is “Process even if the Group Policy Objects have not changed”.