How do I remove an old GPO off a W2K3 server?

Posted on 2009-02-11
Last Modified: 2013-12-04
I am trying to (learning to) make changes to the local security policy and running into locks on items such as "password minimum age", etc. Looks like our IT admin originally had the server connected to a domain. I am working on it as local administrator off the domain and walking through the W2k3 MS Threats & Countermeasures Security Settings.
Question by:normasue
    LVL 2

    Expert Comment

    In the Control Panel you will see there is "Group Policy Management" in side there you can see your entire AD structure and the + next to each one. If you expand the OU you are looking to delete the GPO from you can delete it from the OU or if you go down to "Group Policy Objects" you will see all Policys. If you delete from GPO at the bottom and not the OU you will be given the option to delete from all OU that it is linked to. You can also highlight the policy and in the right navagation pane you will see 4 tabs along the top, Scope, Details, Settings, and Delegation. Inside "Settings" you will see what options are configured on these policys, follow the heirarchy of User>Windows Settings>IE and so on to edit pre-existing policys. or just delete as you see fit.

    Hope this helps.
    LVL 11

    Accepted Solution

    Use the Security Configuration and Analysis mmc plug-in to compare the settings on this server with those on a server you know to have your organization's standard set of policies applied.  

    1.  Go to the server with the known standard configuration and use the Security Configuration and Analysis tool to export a template containing the server's settings.
    2.  Go to the other server and open the Security Configuration and Analysis tool.  Create a database and import the template you created in step 1.
    3.  Right-click Security Configuration and Analysis and choose Analyze Computer Now.

    This will compare current settings with standard settings.  You'll be able to see discrepancies more clearly than by combing through Local Security Policy.  

    Author Closing Comment

    Not quite the answer - but that actually answered a different question for me. Turned out I had to get IT help from the person who initially setup the server to remove it from the domain and I could continue with my settings.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
    SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now