A permission set can only be removed if and only if
If neither of the above conditions obtain then a permission set can be removed from a policy. In order to remove a permission set from the default policy level just type:
Caspol –rempset PsetName
As can be seen, permission sets are always referred to by their name. Using the –machine and –user options it is possible to explicitly state from which policy level a given permission set is to be deleted. For instance, the command below deletes the MyFilePset from the machine policy:
Caspol –machine –rempset MyFilePset
The xml file from which the permission set may have been imported will not be deleted. All that –rempset does is to exclude a certain permission set from a policy.