We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


Group Policy Windows 2003 - Need to Delete, Can't! Help!

Todd_Bain asked
Medium Priority
Last Modified: 2010-04-18
Long Story Short -

I imported too restrictive of a GPO on top of my Default Domain Policy, now DNS has stopped, services have stopped, and I can not turn them back on.

I need to delete this thing out, but I can not use the GPMC, because it no longer recognizes the server (suspected due to the restrictions placed on the services (which have been turned off))

I have gone into C:\Windows\SysVol\Domain\Policies, and renamed it Policies.bak but it is still pulling it up, I know because I set a message up before logging in, and it keeps showing up every reboot.  I am shy of deleting out the entire policies directory, but I am close to trying it.

How can I delete this policy out so I can start over again?

Watch Question

Top Expert 2005

You shouldn't rename that directory.

Figure out what GUID contians the bad policy and cut and paste it somewhere else.

Reboot the server.

Open up ADUC and turn on Advanced view.  Dig down into the System folder and find the same GUID you moved from SYSVOL (it should be under policies) - delete it.


Let me know.


I deleted both GUID from the SYSVOL/Domain/Policies directory, rebooted still is loading the policy.

It is the only DC, so where else is this stored that I need to delete it from?

I could not copy / move because of the policy restriction.

Top Expert 2005

Do you remember exactly what you enabled/disabled that is causing this?  I might be able to figure something out.

Did you also remove it from ADUC?

If these are Registry entries, then we have to reverse the effects to remove the restrictions.


I can not get into ADUC

Looks like it is time to call Microsoft.
Top Expert 2005

If you know the GUID (should now be in the Recycle Bin) then fire up ADSIEdit.msc and find all instances of this a remove them.


This ticket can be closed, Microsoft solved the issue.
Top Expert 2005

How did they do it?  It would benefit this question to have an answer.


I spent over 5 hours on the phone with at one time 3 of their engineers.

It would be way too lengthy to disclose the entire procedure that took place.

If this happens to you, call Microsoft, use your TechNet Sub, or get a one time ticket for $245, and let them walk you through it.

They will have to walk you through registry edits to get the services running from a 4 state (gpo assigned) to a 2.

They will run some utilities which rebuild your GPO back to the original state.

They will run some diagnostics that they download and put onto your machine (I'm sorry I didn't write down everything as it was happening) and check all of your events to make sure your server is not going to see any ill effects.

Seriously its worth the money to call, as much time on the phone as I was yesterday, it was worth every penny.
Top Expert 2005

Agreed, I've had to use them before and found that they are very thorough.

Thanks for the update.
Closed, 500 points refunded.
The Experts Exchange
Community Support Moderator of all Ages

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.