Some settings are managed by your organization. How to fix?

How To Fix The "Some settings are managed by your organization" Notification When Trying To Open Windows Defender

"Some settings are managed by your organization" is a Windows 10 notification and usually not an operating system bug, etc. The notification does not explain how to solve the problem (for example, if you wish to change Windows settings). "Some settings are managed by your organization" appears when a Windows user tries to adjust settings to which they have limited access. Windows often includes packages that are configured by organisations to limit users' access to important settings. By displaying the "Some settings are managed by your organization" notification, Windows blocks modification of these settings to prevent possible damage to the Windows operating system or corruption of associated data.

When upgrading the operating system to Windows 10, users are asked who owns the computer (PC). You can choose from two options: you or your organization. If you select the second option, you may not be allowed to adjust certain Windows settings and the "Some settings are managed by your organization" notification appears. Windows can, however, perform an error when upgrading the system and, subsequent actions are limited by an 'organization' that does not exist (or does not 'own' your computer) either physically or with respect to the installed operating system.

Fortunately, is possible to avoid this notification and restore your ability to customize Windows settings, however, it can be a time-consuming process, requires some knowledge of Windows Registry Editor and Local Group Policy Editor. In this guide, we thoroughly describe each step to make the process easier. Be aware that Local Group Policy Editor is not available in Windows Home edition. Registry Editor, on the other hand, will be available and might also help to solve the problem.

Some settings are managed by your organization

Table of Contents:

Remove Windows Defender Policies Using Registry Editor

First, we recommend that you download a ZIP file (containing a REG file) that will help you to easily remove Windows Defender policies. Click this link, extract the REG file, and double-click it. Restart the computer for changes to take effect.

Now open the Registry Editor. Windows Registry, usually referred to as just 'the registry', is a collection of databases of configuration settings in Microsoft Windows operating systems. It is used to store much of the information and settings for software programs, hardware devices, user preferences, operating system configurations, and much more. Many of the options exposed in the registry are not accessible elsewhere in Windows. To edit the registry you will need to use Windows Registry Editor. To open Registry Editor, right-click the Start button and select "Run" from the contextual menu. Type "regedit" and press Enter or click "OK".

remove windows defender policies using registry editor step 1

Follow this path: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" (you can simply copy-and-paste it into the Registry Editor bar). Export this branch to a REG file by right-clicking it and selecting "Export". Select the location where do you want to place it and click "OK".

remove windows defender policies using registry editor step 2

Now delete the same branch by right-clicking it and selecting "Delete".

remove windows defender policies using registry editor step 3

Repeat the steps with the branch that you can find by following this path: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Advanced Threat Protection".

Close Registry Editor and restart the computer. See if this fixes the problem. Windows should no longer show the "Some settings are managed by your organization" notification when you try to modify Windows Defender settings.

After removing Windows Defender policies, it return to the state without limited access and the Windows Defender Settings window should look like this:

remove windows defender policies using registry editor step 4

[Back to Table of Contents]

Remove Windows Defender Policies Using Local Group Policy Editor

The Local Group Policy Editor (also known as gpedit.msc) is a Microsoft Management Console that allows you to manage Computer Configuration and User Configuration settings. By default, the policies that are set in the Local Group Policy Editor apply to all Windows user accounts. As mentioned before, it is available only in Windows Pro, Enterprise and Education editions, and not others such as Windows Home Edition.

Open Local Group Policy Editor by pressing the Windows (Win) key + R and typing "gpedit.msc", and then click "OK" or press Enter on the keyboard.

Follow this path in the right pane until you reach Windows Defender policies: "Computer Configuration/Administrative Templates/Windows Components/Windows Defender".

You will see a long list of policy settings with items in each sub-branch. Set each policy setting to "Not configured". This is the time-consuming part. Start with the following and ensure that all are set to "Not configured". If any policies are already set to "Not configured", enable them by right-clicking and selecting "Enable", and then set them back to "Not Configured":

- Allow antimalware service to startup with normal priority
- Turn off Windows Defender
- Configure local administrator merge behavior for lists
- Turn off routine remediation
- Define addresses to bypass proxy server
- Define proxy auto-config (.pac) for connecting to the network
- Define proxy server for connecting to the network
- Randomize scheduled task times
- Allow antimalware service to remain running always

Now, check the following ranges and also set their policy settings to "Not configured".

Windows Defender\Client Interface branch:

- Display additional text to clients when they need to perform an action
- Suppress all notifications
- Suppresses reboot notifications
- Enable headless UI mode

Windows Defender\Exclusions branch:

- Turn off Auto Exclusions
- Extension Exclusions
- Path Exclusions
- Process Exclusions

Windows Defender\MAPS branch:

- Configure the 'Block at First Sight' feature
- Join Microsoft MAPS
- Configure local setting override for reporting to Microsoft MAPS
- Send file samples when further analysis is required

Windows Defender\Network Inspection System branch:

- Turn on definition retirement
- Specify additional definition sets for network traffic inspection
- Turn on protocol recognition

Windows Defender\Quarantine branch:

- Configure local setting override for the removal of items from Quarantine folder
- Configure removal of items from Quarantine folder

Windows Defender\Real-time Protection branch:

- Turn off real-time protection
- Turn on behavior monitoring
- Scan all downloaded files and attachments
- Monitor file and program activity on your computer
- Turn on raw volume write notifications
- Turn on process scanning whenever real-time protection is enabled
- Define the maximum size of downloaded files and attachments to be scanned
- Configure local setting override for turn on behavior monitoring
- Configure local setting override for scanning all downloaded files and attachments
- Configure local setting override for monitoring file and program activity on your computer
- Configure local setting override to turn on real-time protection
- Configure local setting override for monitoring for incoming and outgoing file activity
- Configure monitoring for incoming and outgoing file and program activity

Windows Defender\Remediation branch:

- Configure local setting override for the time of day to run a scheduled full scan to complete remediation
- Specify the day of the week to run a scheduled full scan to complete remediation
- Specify the time of day to run a scheduled full scan to complete remediation

Windows Defender\Reporting branch:

- Configure time out for detections requiring additional action
- Configure time out for detections in critically failed state
- Configure Watson events
- Configure time out for detections in non-critical failed state
- Configure time out for detections in recently remediated state
- Configure Windows software trace preprocessor components
- Configure WPP tracing level

Windows Defender\Scan branch:

- Check for the latest virus and spyware definitions before running a scheduled scan
- Allow users to pause scan
- Specify the maximum depth to scan archive files
- Specify the maximum size of archive files to be scanned
- Specify the maximum percentage of CPU utilization during a scan
- Scan archive files
- Turn on catch-up full scan
- Turn on catch-up quick scan
- Turn on e-mail scanning
- Turn on heuristics
- Scan packed executables
- Scan removable drives
- Turn on reparse point scanning
- Create a system restore point
- Run full scan on mapped network drives
- Scan network files
- Configure local setting override for maximum percentage of CPU utilization
- Configure local setting override for the scan type to use for a scheduled scan
- Configure local setting override for schedule scan day
- Configure local setting override for scheduled quick scan time
- Configure local setting override for scheduled scan time
- Define the number of days after which a catch-up scan is forced
- Turn on removal of items from scan history folder
- Specify the interval to run quick scans per day
- Start the scheduled scan only when computer is on but not in use
- Specify the scan type to use for a scheduled scan
- Specify the day of the week to run a scheduled scan
- Specify the time for a daily quick scan
- Specify the time of day to run a scheduled scan

Windows Defender\Signature Updates branch:

- Define the number of days before spyware definitions are considered out of date
- Define the number of days before virus definitions are considered out of date
- Define file shares for downloading definition updates
- Turn on scan after signature update
- Allow definition updates when running on battery power
- Initiate definition update on startup
- Define the order of sources for downloading definition updates
- Allow definition updates from Microsoft Update
- Allow real-time definition updates based on reports to Microsoft MAPS
- Specify the day of the week to check for definition updates
- Specify the time to check for definition updates
- Allow notifications to disable definitions based reports to Microsoft MAPS
- Define the number of days after which a catch-up definition update is required
- Specify the interval to check for definition updates
- Check for the latest virus and spyware definitions on startup

Windows Defender\Threats branch:

- Specify threats upon which default action should not be taken when detected
- Specify threat alert levels at which default action should not be taken when detected

We hope that one of these solutions (depending on the edition of your operating system) solves the problem and you no longer receive the "Some settings are managed by your organization" notification when trying to modify Windows Defender settings. If you know of other methods to solve the problem, not mentioned in our guide, please share them with us by leaving a comment in the section below.

[Back to Table of Contents]

Video Showing How To Fix "Some settings are managed by your organization" Notification:

[Back to Top]

About the author:

Tomas Meskauskas

I am passionate about computer security and technology. I have an experience of 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an editor for pcrisk.com since 2010. Follow me on Twitter to stay informed about the latest tech news or online security threats. Contact Tomas Meskauskas.

Our guides are free. However, if you want to support us you can send us a donation.