Cleaning up corrupt Registry.pol files with Powershell

One ongoing issue that can occur across an predominately Windows/Group Policy heavy enterprise environment is the corruption of the Registry.pol file located in %windir%\system32\Group Policy\Machine\. This file contains all the machine-based Group Policy settings in Registry format and are loaded at Operating System startup.

For reasons not even known by Microsoft it seems, this file can occasionally get corrupt and centrally defined Group Policies are no longer updated/kept in sync.

So in a effort to be able to clean up such a corruption at scale, I created a Powershell script that:

  1. Takes a array of machines as input
  2. Confirms they are reachable over the network
  3. Confirms that it has permissions to the location of Registry.pol
  4. Check the Date Modified tag of the file and if older than 1 day (good sign of corruption), delete the file and force a Group Policy refresh

One of the caveats to this process was while there a many more cmdlets in Powershell V3+ that I could leverage, it still had to support Windows 7 machines at the time of writing and therefore leverage much less cleaner ways to kick of a Group Policy refresh.

Without further ado…

Would love to see what improvements the readers out there could make. Maybe make use of job batching to do it in a much more parallel fashion? Let me know if you do give it a try in your environment.

James Written by:


  1. DeployGuy

    I just ran into one of these corrupt registry.pol instances and found your contribution while searching how to repair the damage. Nice work, very clever on using the date of the file as a probable indicator of file corruption! Using the immediate script function in SCCM I can query all my machines looking for this file and whether it is over one day old and perhaps detect machines that have a problem before the user even knows they have a problem.

    • 25/01/2019

      Hey DeployGuy, glad you found my post and it was helpful. It certainly is perfect to slot into a compliance rules in SCCM as a self-healing/automation function to keep the EUC fleet humming 🙂

  2. Allan Asante

    Hi James, this is great and just what I need, but i’m a bit of a newbie with powershell .. having issues with the format of the csv file containing all computers … can you help?

    • 26/05/2019

      Hey Allan, I would be honoured to help out. This particular script requires a no frills CSV file. Just one row, without headers, of the DNS/FQDN or IP address of the workstations you would like this to be ran against.

  3. Tom Wiggins

    Hi James. Bit of a powershell & sccm noob here. To deploy this in a compliance rule in SCCM as a self-healing/automation function do you need to modify the script read in the machine detail? Also if I create this powershell script as a package and deploy to a collection as required how does the script know which machine its running on.

  4. Gael

    Dear James,
    With this Co-Vid confinement, we just discovered that some computers are facing registry.pol corruption.
    Our main problem is that we have a thousand of people working with laptop and DirectAccess. So, you can imagine the problem once policies are not applying (and DA policies lost). The user cannot join our corporate network anymore…

    I will test and implement your script in my SCCM compliance !! I hope it will work and save us hours of work !

    In advance (because I am a positive IT Guy, lol) GREAT JOB, thanks again for your contribution

    • 20/05/2020

      Hey Gael,

      Comments like these absolutely warms my heart. Please reach out if you run into any brick walls integrating this as SCCM Compliance Item/Baselines.

Helpful? Have a question on the above?