I mentioned using None as a PermissionLevel to remove someone's rights from GPO Delegation, but let's spin out a sample command to make sure you can do it on your own. When deleting a GPO or a GPO Link, you are utilizing entirely different PowerShell cmdlets (one starting with the word Remove) from what you use for building those objects, but for GPO permission removal you do not use a Remove-type command. Instead, you continue to use Set-GPPermissions, but flag them for configuring a PermissionLevel called None. Here is a command that reverses the rights that we just handed to our user called Grace. We have now decided she does not require permission to modify MyNewGPO, and so we are going to take those rights away from her:
Set-GPPermissions -Name MyNewGPO -PermissionLevel None -TargetType User -TargetName "Grace"
Maybe even more useful is a sample command to remove Authenticated Users from a GPO, as we did when setting Security Filtering earlier. This is a common thing to do whenever you want to filter a GPO down to particular users or groups. The following command will remove Authenticated Users from Delegation on MyNewGPO:
Set-GPPermissions -Name "MyNewGPO" -TargetName "Authenticated Users" -TargetType Group -PermissionLevel None