• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 668
  • Last Modified:

remove old group policies

I have been having problems with my clients after creating new group policies were some of them cannot shut down there computer. I ran RSOP on a client machine and found that they are still receiving the old gp's. I have ran gpupdate /force and used the Hive clean up tool - Also, done this in safe mode. Here's the catch I can run gpupdate /force and they get the correct policies - But, after a shut down they turn around and get the old ones back. Its not a complicated policy - I am editing the default policy that is all there is.

How do I get rid of the old policies for good - They are def not set the the gp anymore cause I changed them

Microsoft 2003 sp2 - XP Pro sp3 clients
0
modest911
Asked:
modest911
  • 10
  • 4
1 Solution
 
manav08Commented:
1. Are you using 2 domain controllers or one? If you are using 2 then the changes might not have replicated in the second DC and clients authenticating to that DC will get the old version of group policy. Your group policies exist in the SYSVOL folder as well.

2. Also make sure that the TIME ZONE and date settings of your server is correct and matches that of the client.

3. Also try doing the following -

Download dfsutil.exe which is part of the Support Tools
Windows Server 2003 Service Pack 1 32-bit Support Tools
http://www.microsoft.com/downloads/details.aspx?familyid=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en

Once downloaded try the following command. restart the workstation and see if it fixes it. dfsutil /purgemupcache
0
 
modest911Author Commented:
Yeah I have two DC's - They have been replicated to each other - I check the sysvol and they look the same - I checked time zones and dates - Thats good.

Yeah I was thinking of that purgemupcache - But havent got that far yet - Just a thought - I will run that now.

BTW - I reset my security policies on my Vista (I am the only one that has vista) with the following command - secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

This reset all my policies - When I try and do a gpupdate I get the following error

Event ID 1058

: The processing of Group Policy failed. Windows attempted to read the file %9 from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

I have check all the above and everything is okay.

Also, when I run gpupdate /force it is trying to pull a policy that doesnt isnt even there (in the sysvol).

Let me try the purge - Should I do that against both servers also?
0
 
modest911Author Commented:
I tried the purge on both servers and did gpupdate on them - Still no luck
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
manav08Commented:
1. Did you try replicating them again using AD sites and Services
2. Once you have done that look for EVENT LOGS under file replication service for errors and post them here.
3. As a Last resort,  go to your SYSVOL folder  and check the folder modified date on both the servers. If not the same it prooves our point that it is a replication issue. Copy the contents of more latest SYSVOL folder into the other domain controller. This will work for sure
0
 
modest911Author Commented:
I did the replicate in sites and services - No errors yet............

I did compair the to sysvol folders from the root of system32 and there is def a big difference in mod date. I am checking my firewall ports on the BackUp Dc.
0
 
modest911Author Commented:
I went into the SYSVOL folder and the date modified on both servers is different by a few hours - But the last time it was modified was last year August.

Still no errors in error log
0
 
modest911Author Commented:
Just restarted FRS on both servers - No errors -

The File Replication Service is no longer preventing the computer server from becoming a domain controller
0
 
manav08Commented:
To get everything back to normal now, manually copy the contents of the new  SYSVOL folder into the old one. Delete everything in the old folder before you copy the new contents.
There are obviously some syncing problems with the 2 servers. Usually refers to a TIME and DATE setting and TIME ZONE setting. Can you confirm this is all the same on both servers so that I can investigate further
0
 
modest911Author Commented:
Yes time zones and dates are correct.

I am hesitant to delete the policies off of the server and copy them over. The differences in time is only a couple of hours.
0
 
manav08Commented:
Hey I just found this article. It looks like a similar issue to yours. See if it helps -
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_22676739.html
If it doesn't I am happy to diagnose it with you further.
0
 
modest911Author Commented:
Yeah I dont think that really is the same issue I am experiecing
0
 
modest911Author Commented:
I have checked the GP's on both servers and they are the same.
0
 
modest911Author Commented:
Okay I have got my Vista machine back in order -

There is def a replication problem

I ran the following to reset the policy on the XP machine - secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

Def does reset it back -

I then ran gpupdate /force and its pulls in the old policies from some were. Argghhhaaa
0
 
modest911Author Commented:
Update - I ran sonar on both servers - Both of them came up with the error under the SYSVOL shared "Not a junction"

Also, with the one server running the windows firewall I was getting the erro RPC server not avail - I would turn off the firewall and the RPC server would become avail

So - I guess I need to figure out what RPC server ports I need to open and what the "Not a junction" error means?

0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 10
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now