Phantom GPO preventing software installation
Posted on 2008-10-06
I am working on a 2003 Windows domain. Multiple domain controllers. Replication is working fine as verified by dcdiag, replmon, etc.
A little background...A few months ago, our domain controller hosting all FSMO roles (server1) died. A new server has replaced it (server2). FSMO roles were seized by a third DC (server3). Metadata and DNS were cleaned up to remove all references to this server (server1) from Active Directory. AD is running fine, no replication issues, AD errors, etc.
The problem...Apparently there was an old GPO to deploy Java to PC's. I have been maintaining this network for a few years and was not aware of this GPO, so it must have been set up and then deleted at some point a few years back.
Last week I was tasked with deploying Java to our network. I was using a specific OU to test (HQ). I noticed that this Java GPO was not being applied as expected so I ran the GP Modeling wizard (on all domain controllers to verify consistency). The results indicated that the GPO should be applied based on the user/computer settings I was using. I logged on as the same user and the same PC that I used in GP modeling. When I ran gpresult from this PC, the GPO was not listed. So I ran gpresult /v to get more detailed info. Sure enough, there was an unnamed GPO listed (it says GPO: N/A) under the 'Software Installations' portion that referred to an old version of Java...The package was to deployed from a share located on the dead server (server1).
I need to know how to get rid of this phantom GPO. Will implementing a 'wait for network' GPO force the affected PC's to 'erase' old policies? I have determined that the phantom GPO applies to computer settings. Also, if someone could let me know if this could prevent the new Java package from appearing in the gpresult command from the affected PC (but using modeling wizard, it says the new GPO should apply). Lots of details here....let me know if you need anything clarified. Thanks for any help.