Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 179
  • Last Modified:

Group Policy Deletions

Can anyone tell me if deleting a GP link and choosing the actually delete the object actaully deletes the folder in the sysvol directory.

I delete some GPs today from ADUC and seleted remove link and delete the object. However, when I look in the sysvol directory, the folders with those GPs SIDs are still in there.

I just want to make sure that this is correct behavior.

Thanks.
0
ainselyb
Asked:
ainselyb
1 Solution
 
iedenCommented:
Windows has never been really good about cleaning up after itself. Just look in your registry for old programs that have been removed...
I really don't know the answer to your question,,, so what i would do is this; after a few days of using the computers the GPO was directed at, if the GPO restriction appears to be lifted then I would assume it would be safe to delete the foled in sysvol. However if deleting is not your thing then just rename the folder to see what happens before deleting it. Then if after a few more days, go ahead and delete them if nothing bad happens. You should be able to rename the folders back tot he originals if things go awry...
Best wishes.
0
 
dcliveCommented:
I suggest installing GPMC (Group Policy Management Console) on the machine in question, as that will make installing, configuring, and removing (and unlinking) GPOs vastly easier and vastly more obvious.
0
 
Jay_Jay70Commented:
Hi ainselyb,

the biggest issue is when you have more than one DC, if you dont dont delete manually from the sysvol folder on each machine, then it just replicates back....

Group Policy Management Console is great but it does nothing but add a nice "viewing" interface onto your policy and directory structure - it has extra features yes, but as far as adding increased functionality in regards to your AD schema, it makes no difference

removing policies often needs to be done manually

Cheers!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
dcliveCommented:
Actually, GPMC will make it very clear if he's deleting the link to the policy, or if he's deleting the actual policy.  That's why I suggest putting it on there.
0
 
Jay_Jay70Commented:
indeed it wil make it clear if he is deleting a link but it wont make any difference and give any more info on if he is deleting from the sysvol directory
0
 
dcliveCommented:
Is this the correct behavior?  MS seems to suggest no, it isn't.

http://support.microsoft.com/?kbid=842252

A GPO is a container for policies that are applied on a domain. When you configure a domain, the domain creates a Default Domain Policy for itself. Each GPO that you create has a GUID. When you create a new user-defined GPO, the %SystemRoot%\Sysvol folder contains a folder that has the GUID as its name. This folder represents the newly created GPO. If you accidentally delete a GPO, ***the corresponding folder is automatically removed from the Sysvol folder.*** Back up the system state every day so that you can restore the policy files if you accidentally delete the GPO.

0
 
Jay_Jay70Commented:
ha another one of ms "this should work" tricks - similar to dcpromo util....yes it will transfer the roles automatically..... sure.....!!

in theory yes, deleting the GPO from AD should delete it, but in practice, like many things, it doesnt always work
0
 
Michael_LeeCommented:
I have seen this behavior on our servers too, and our GPOs do still work.  It might just be the folder structure that is left behind.  Can you verify whether the (deleted) policies are still being pushed?  Are there any files in the GPO folder left in the sysvol?  
Whether this is *correct* behavior can always be disputed.  The bottom line is whether GPOs are still working or not.  
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now