Revert GPO Settings to Undefined

Solution 1:

No, you can't turn back time on this one.

The previous state of the computers from before the GPO was applied was not recorded, so when Group Policy changed the state of those configurations, there is now no recorded previous state to revert back to. If the damage is seriously bad, you'd be looking at restoring the affected computers from a backup after removing the offending GPOs.

Sure, most policies are resistant against "tattooing," as described here, but not all of them. There are certain policy settings that can simply be deleted once the GPO has been removed or the computer/user is no longer in scope of the GPO, but some settings are not that simple.

In other words, imagine that before the GPO, a particular registry entry was set to 1 and was not affected by Group Policy. Then your Group Policy was applied and set that registry entry to 0. Now you say "oh no, put it back like how it was!" so you go and put that GPO setting to Not Defined. But the damage is already done. Not Defined does not mean "set it back to 1 if it was 0, or set it back to 0 if it was 1." It simply means that Group Policy will no longer flip that switch one way or the other.

No, of course you are not the first sysadmin to make this mistake. But Microsoft has already given tools to help you protect you from yourself. (E.g., Advanced Group Policy Management with check-out/check-in, offline editing and approver features, etc.)

I know you don't want to be lectured... you just need to be more careful.