Administrators can remove policies that break their computers

Annoying Policies.md

Our IT department still deploys GPO's that, frankly, break things for me. As a developer, I have full admin rights on my laptop. If you have admin rights, you can (temporarily) remove GPO policies.

For example:

• The Microsoft\FVE policy was breaking Docker: docker/for-win#1297
• The Microsoft\Edge and Google\Chrome policies force startup options that slow me down

As long as those breaking policies can be removed in the registry, I just fix it by running something like this every time I reboot my computer. I actually stuck this in my profile.ps1, so to make it work I use Start-Process pwsh -Verb RunAs to run it in an elevated session (because I only rarely run PowerShell elevated, but I always start Windows Terminal with a PowerShell session on login).

Clear-AnnoyingPolicy.ps1

<#
 .Synopsis
  Clear-AnnoyingPolicy.ps1 # alias: clap
#>
[CmdletBinding()]
[Alias("clap")]
param()

$Roots = @(
    "HKLM:\SOFTWARE\Policies\"
    "HKCU:\SOFTWARE\Policies\"
    "HKLM:\SYSTEM\CurrentControlSet\Policies"
)
$Policies = @(
    "Microsoft\Edge"
    "Google\Chrome"
    "Microsoft\FVE"
)

$Paths = foreach ($Policy in $Policies) {
    $Roots | Join-Path -ChildPath $Policy | Where-Object { $_ | Test-Path}
}
# If any of these policy folders exist, run PowerShell elevated to clean up
if ($Paths) {
    Start-Process pwsh -Verb RunAs -ArgumentList "-NoProfile -NonInteractive -Command ""&{ Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE FDVDenyWriteAccess 0; Remove-Item 'HKLM:\SOFTWARE\Policies\Microsoft\Edge','HKCU:\SOFTWARE\Policies\Microsoft\Edge','HKLM:\SOFTWARE\Policies\Google\Chrome','HKCU:\SOFTWARE\Policies\Google\Chrome' -Recurse -ErrorAction SilentlyContinue }"""
}