Link to home
Start Free TrialLog in
Avatar of CharliePete00
CharliePete00

asked on

Remove Group Policy from machine no longer on domain

I have a strange one here.  A user has a notebook that used to belong to a domain.  A very restrictive Group Policy had been applied (no local drive access, context menus, run dialogue, task manager, control panel).  User was given the opportunity to buy the machine when they left their previous company.  Machine had not been removed from that domain on exit.  One of my technicians helped this user out by changing the local Administrator password, logging on as the local Administrator, and removing the machine from the old domain.  The group policy still appears to be in place however and applies to every account other than the local Administrator (even other members of the local Administrators group).  An attempt to join this machine to another domain had no effect on the existing policy.  The system is running XP SP2.


Note:  This is an actual problem that I ran into a couple of years ago.  I did not have much opportunity to deal with it at the time so after some basic troubleshooting I took an image of the HD and reinstalled.  I have the time now so I've applied that image to a similar image and have turned it into a lab case.  I have to admit that I am as stumped today as I was then.
ASKER CERTIFIED SOLUTION
Avatar of James Clinton
James Clinton
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Cyclops3590
have you tried running the mmc and look at the resultant set of policy.  It should show what you have on your machine under the current user and tell you where the policy is coming from.
also, doubt it'll work, but have you tried
gpupdate /force
that's suppose to reapply all of the group policies even the ones that haven't changed.
Avatar of austinpctech
austinpctech

I believe this should accomplish what you are trying to do.

http://support.microsoft.com/default.aspx?scid=kb;en-us;313222
Still no luck. I have tried deleting the user folders but I cant delete All Users. Says it is a windows folder and cant be deleted.

I have tried running the script in the msft article to no avail as well.
I'm back now.  The user took the laptop with them for few days and I just got my hands back on it.

I have removed/re-added the machine to the domain.  Deleted the users profile on the machine and domain and let it rebuild.  Checked the resultant policies and it looks as if the correct policy is being applied.  The following are show in the resulatant policy.
 Allow or Disallow use of the offline files feature - enabled
Prohibit user configuration of offline files - disabled
Remove ' Make avaialable offline' - disabled
Prevent use of Offline Files folder - disabled.

I am at a loss as what to check next.

HowTo: Reset Security Settings Back to the Defaults
http://support.microsoft.com/default.aspx?scid=kb;en-us;313222&Product=winxp

This should help you, it explains using the default setup security template to re-apply the default security settings.

-NH