atmear

GPO Troubles

Greetings All,

I have my organization pretty well split apart in different OUs within AD.

Users
-System Accounts
-Power Users
-Standard Users
-Restricted Users

etc etc etc

I had a consultant create my GPO and roll it out. Well, long story short, it is garbage and I would like to know how to get back to square 1.

Is there a way to delete all GPOs and start anew?
Joel Miller

Yes, quite frankly, just click on the GPO and click on the delete button.

I'm not sure if you need more than that...

Are you unsure of where to do this from?
atmear

ASKER

I know where... just wondered if there were any effects to just deleting the whole thing without one being present thereafter.

ASKER

I went ahead and deleted them all... Should I run any commands to flush out the settings?

No - you don't need to. Did you copy over the working profile first to the Default user?

ASKER

I did not really have a working profile...(GPO)

Matter of fact, I think the default one was the one causing all the problems. So now, every GPO is gone.

Sorry, I posted that in the wrong thread! Disregard that last comment!

But in regards to your question about flushing anything out, no. You don't need to. If you have deleted a GPO and it is still applied to a workstation or server, either reboot that workstation or use the following command:

SECEDIT /REFRESHPOLICY MACHINE_POLICY
SECEDIT /REFRESHPOLICY USER_POLICY

That should do it for you.

ASKER

Use that command on the server or ws?

Sorry, from the workstation and only if you feel that a Group Policy Object is still being enforced after being deleted.

I think atmear needs more solid planning for the OU structure, and also before just deleting the OU structure, some steps should have been taken appropriately...

Here's my recommendation:

- go through the OU structure already existing
- move any user accounts, groups, computer accounts to one of the built-in containers like the one called (users)
- simply delete the OU/OUs you don't need anymore after that
- start PLANNING for the new OU structure and design that on paper before you implement it
- some would recommend an OU structure based on organisational structure by departments, by ranking, by usage ...etc

Another recommendation: in case you didn't attend a Microsoft Active Directory course, or have practical experience with Group Policy, I'd recommend the following website for more details on Group Policy implementation and considerations...

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/reskit/deploy/ccmdepl/ccmch04.asp

Best Regards,
The Egyptchamp
MCP+I, MCSE, MCSA, MCT

ASKER

I did not create this GPO nor do I actually know what it consisted of. I do know it was causing problems... and it needed to be pulled ASAP. Thank You for taking the time to list the link.

FYI - this is a small environment, so we are capable of on-the-fly changes.

Actually, I completely forgot about this, but since I like the idea of Group Policy, but hate the way MS chooses to manage it, you can use FAZAM to manage everything.

FAZAM is what Microsoft actually recommends to use when managing Group Policy. Using this program, you can back up your GPOs, restore them, see result sets of Policies, drill down into what each policy does, etc. You can see for yourself what the program does from its product pages... This should do everything you need to do and make things a bit easier to change and then restore things if they go awry.

I highly recommend it for anyone using Active Directory.

http://www.fullarmor.com/solutions/group/

ASKER

I am checking that software out now.... Does anyone else know of any other software to manage GPOs?

ASKER

I deleted all my GPOs off all my users and machines, but the GPOs still seem to be in place.

Should I run any commands on the server to wipe those settings that were in place?

atmear ... can you please tell me what is the result that you see at your users or computers and you think it's coming from a Group Policy?

And yes, there're quick free tools and techniques to check if a group policy is in place or not, but first of all, try to tell me what is it that you think is coming from a Group Policy?

I would imagine that you are going to recommend GPRESULT, but don't forget about RSOP. That works incredibly well for tracking down things of this nature.

But I agree to look at why you think they are still propagating first...

ASKER

Accounts locking out after 4 wrong tries, still shows pre-log on warnings, removes user names in login areas (sometimes)... etc

This link will tell you how to use GPResult. Run it and it will tell you what Group policies are getting used on a workstation for a user.

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winxppro/proddocs/using_gpresult.asp

This link will show you where you can download GPResult.

http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/gpresult-o.asp

As far as RSOP (Resultant Set Of Policy), I guess it is only available on Windows XP. I was under the impression it was available for Windows 2000 also, but I cannot find it anywhere. If anyone knows, please post here!

jmiller, thanks for your efforts, and yes, RSOP is only available under Windows .NET and Windows XP and not W2K.

But maybe you got confused with the RSOP that comes with FAZAM.

Anyway, let's focus back on atmear's situation...

atmear...
I don't think you need advanced utils like FAZAM or to get yourself into the resource kit utilities for your situation, although I would recommend these tools in a bigger problem troubleshooting.

Let me tell you, if you have already destroyed your OU structure with whatever GPOs these OUs had, and you still find the effect of a GPO applied on your users/computers, then most probably you still have a GPO applied either at the Domain level or the Site level.

And now concentrate on what I'm going to tell you...

Go to Active Directory Users & Computers
Double Click your Domain Name,
then Right Click it,
Go to Properties,
Check under the Group Policy tab ...
Try to locate any GPO linked at the Domain level;
most probably the GPO called "Default Domain Policy" is there.
Edit this GPO, and try to find if this is the GPO that is still applying the policies onto your users...

Second Probability

Go to Active Directory Sites & Services
Double Click the default-first-site-name, if this is the only site created in your directory, else, try to find whatever sites are created there
Double Click the site,
Right Click, go to Properties
Look under the Group Policy tab
Try to locate any GPO that is linked at the Site level...

If you find any, then edit this GPO and try to find if this is the one applying the policies onto your users.

Still, using a utility like GPresult.exe from a client computer while logged in with a user account that experiences the policies would give you an indication of what GPO is being applied....

Though, in my opinion, and no other opinion should be different: since you've deleted the OUs with their GPOs, and there're policies that are still being applied, then (as I explained above) you must have a GPO linked at the Domain or a Site level.

If the above didn't get your hands on the truth, then email me right away, and I've more techniques to work around your case.

Best Of Luck

The Egyptchamp
MCP+I, MCSA, MCSE, MCT
egyptchamp@yahoo.com
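
The domain-level and site-level link check walked through in the post above can also be scripted. This is an added example, not something posted in the thread; it assumes a current management host with the RSAT ActiveDirectory and GroupPolicy PowerShell modules (which postdate the Windows 2000 tools discussed here), and the function name ConvertFrom-GpLink is made up for illustration.

```powershell
# Added example: list every GPO link on the domain root and on each AD site.
# Assumes the RSAT ActiveDirectory and GroupPolicy modules are installed.
Import-Module ActiveDirectory, GroupPolicy

function ConvertFrom-GpLink {   # hypothetical helper name
    param([string]$Scope, [string]$Container, [string]$GpLink)
    # gPLink holds entries of the form [LDAP://<GPO DN>;<options>]
    # options bit 0 = link disabled, bit 1 = enforced ("No Override")
    $pattern = '\[LDAP://(?<dn>[^;\]]+);(?<opt>\d+)\]'
    foreach ($m in [regex]::Matches($GpLink, $pattern, 'IgnoreCase')) {
        $dn   = $m.Groups['dn'].Value
        $opt  = [int]$m.Groups['opt'].Value
        $guid = [regex]::Match($dn, '\{[0-9A-Fa-f-]{36}\}').Value
        try {
            # Resolves in the current domain only; a link to a deleted or
            # foreign-domain GPO falls through to the catch block.
            $name = (Get-GPO -Guid $guid -ErrorAction Stop).DisplayName
        } catch {
            $name = '<unresolved: deleted or other domain>'
        }
        [pscustomobject]@{
            Scope     = $Scope
            Container = $Container
            Gpo       = $name
            Guid      = $guid
            Enabled   = -not ($opt -band 1)
            Enforced  = [bool]($opt -band 2)
        }
    }
}

# Domain-level links (where "Default Domain Policy" normally sits)
$domainDn = (Get-ADDomain).DistinguishedName
$root     = Get-ADObject -Identity $domainDn -Properties gPLink
$links    = @(ConvertFrom-GpLink -Scope 'Domain' -Container $domainDn -GpLink $root.gPLink)

# Site-level links, read from the configuration partition
$sitesDn = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
$links  += @(Get-ADObject -SearchBase $sitesDn -LDAPFilter '(objectClass=site)' -Properties gPLink |
    ForEach-Object { ConvertFrom-GpLink -Scope 'Site' -Container $_.Name -GpLink $_.gPLink })

$links | Format-Table Scope, Container, Gpo, Enabled, Enforced -AutoSize
```

An entry shown as unresolved is a link whose GPO no longer exists in the current domain, which is worth cleaning up after a bulk delete like the one described in this thread.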
ASKER CERTIFIED SOLUTION
Joel Miller

ASKER

I had to leave this problem for a while, but I am beginning to work on it again...

ASKER

This is not the exact answer to my question, but you can figure out the answer by reading all of jmiller37's posts... Thanks Man!!