Prepare:
1.    Download TWUndo.exe from Third Wall
2.    Copy TWUndo.exe to the %windir%\ltsvc directory. If it doesn’t exist, create it
3.    Copy thirdwall.dll to the %windir%\ltsvc directory
a.    Thirdwall.dll can be found in the %windir%\ltsvc\plugins directory
b.    Thirdwall.dll can be downloaded
4.    Copy interface.dll to the %windir%\ltsvc directory.
a.    Interface.dll can be found in any active Automate remote at the same path.
5.    From an administrative dos shell, navigate to the %windir%\ltsvc directory
6.    From the same administrative dos shell, run your command or commands

Syntax:
TWUndo.exe /x
(where ‘x’ is the policy number to be undone)

Examples:
To UNDO the Restrict Local Administrator Tools policy
TWUndo.exe /8

To UNDO both the Enable UAC and the Restrict Local Administrator Tools policy
TWUndo.exe /8 /9

Any number commands may be undone in one line, simply add /x for each. Note that highlighted policies are user policies, not machine policies. As such, they will need to be undone with the impacted user signed on to the machine

Policy IDs:
2 Rename Local Administrator Account
3 Set Local Administrator Password
4 Disable Local Administrator Account
5 Enable Minimum Password Length
6 Enable Maximum Password Age
7 Enable Password Protected Screen Saver
8 Restrict Local Administrator Tools

9 Enable UAC
10 Disable Setup.exe and Install.exe
11 Disable Windows Installer
12 Disable Windows 10 Keylogger
13 Enable Logon Message
15 Enable Smart Screen
16 Enable UPnP
17 Disable AutoPlay (AutoRun)
18 Disable Running Exe from %APPDATA%
19 Disable Write to Optical Devices
20 Disable Read & Write to Optical Devices
21 Disable Write to USB Storage Devices
22 Disable Read & Write to USB Storage Devices
23 Disable Cloud Storage
24 Schedule Free Space Delete
26 Uninstall Blacklisted Software
27 Enforce Complex Passwords
28 Block Common Webmail
29 Block Social Media
30 Disable Windows Store
31 Disable Google Play
32 Disable Apple App Store
33 Disable Office Macros Downloaded from the Internet
34 Disable OLE in Office Documents

35 Enable Windows Firewall = Workstations
36 Enable Windows Firewall = Servers
37 Disable Local LM Hash Storage
38 Audit All NTLM Traffic
39 Disable LM NTLM v1
40 Disable NetBios
41 Disable IPv6
42 Disable IGMP
43 Disable SMB v1
44 Log All Logon Events
45 Enhance Security Logging
46 Monitor Event Log Clearing
47 Alert on Excessive Logon Failures
48 Monitor for Ransomware Attack
49 Alert on Unencrypted Disk
50 Enable User Logon Reporting
51 Disable Guest Account
52 Disable Microsoft Accounts
53 Enable USB Wall
54 Disable Terminal Server Services

55 Enable USB Watch

56 Enable TWAPS

57 Clear Windows Pagefile on Reboot

58 Enable Registry Backup