Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

GPO settings still on computer after imaging

Posted on 2009-07-06
16
Medium Priority
?
210 Views
Last Modified: 2012-05-07
One of my associates reconfigured a machines and choose to create a image form this machine. Unforutanly he didn't remove the group policies from the machines. So now when any user logs in it installs a network printer, and maps a drive to a old location that is not in use anymore.  




This image was then used on 90 pc's


My question is how can I remove all GPO's, printers, and map drives from the all users profile or Default user profile. I would like if possible remove all setting and make the all user profiles return to the default settings. It's possible that the gpo are not applying anymore, but the map drives and network printer are somehow stuck in the all users or default users profile


I'm putting the points high, because this is starting to become a big problem in our enviroment
0
Comment
Question by:Con366
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
16 Comments
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24789487
0
 
LVL 6

Accepted Solution

by:
ahmad2121 earned 1200 total points
ID: 24789511
If you use the same image on all the pcs without running something like ghost walker, they will all have the same SID.. and if that is the case I would remove all the machines from AD, ghost walk them, then rejoin them again.
0
 

Author Comment

by:Con366
ID: 24789534
Already tried that

let me note the things I have already done

Already ran kb313222 fix
tried to delete the default and all user profile. Could not delete the allusers profile
Rejoin the machine to the domain and put it in a OU with no policy applied
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:Con366
ID: 24789543
Newsid was ran on all the machines before joining them to the domain.

I can image a machines run newsid then join it to the domain and the settings are still there.

I belive it involves more than GPO settings as the map drive is also showing up for all users
0
 

Author Comment

by:Con366
ID: 24789552
Almost like something is stuck in the profile, from when the machines where sealed with sysprep.


Maybe I could delete the drives and printer, and reseal the machine?
0
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24789593
what about creating a new user then logging in with it (on that machine). Same thing happens?
0
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24789662
its probably a client application running enforcing those GPs. If you do a RSoP you would know for sure.

It would be best to disable non-microsoft services and then re-enable them until the culprit is found.

I had a similar situation with SCCM.
0
 

Author Comment

by:Con366
ID: 24789682
If I create a new user on the local machine. I get a warning about not being able to locate the defualt profile.

But when the profile loads it does not put the printer or map drive


I will need to reimage the machine again as i have made alot of changes to the machine. I also delete the default profile, so that may be part of the problem
0
 

Author Comment

by:Con366
ID: 24789710
I ran a Rsop and the output showed no GPO's still in place.


I am leaning to the default profile being messed up after sealing hte machine with sysprep.

0
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24789966
Never EVER delete the default profile folder! Profiles would not be created correctly.

All users - applies to all the users of the system
Default user - used for first time logins
0
 

Author Comment

by:Con366
ID: 24789973
ahmad2121,

I understand this, and have already correct this. As I explained I was trying to narrow the problem down, and tried a couple of things. Since then I have reimaged the machine.

I understand that the default profile should not be deleted.
0
 

Author Comment

by:Con366
ID: 24790043
I have reimaged the pc, and created another local user to see if the printer and map drive apply to that user account.


The printer and map drive get placed on the profile of a local account.

RSOP reports no policys being applied to the machines.

So the issue does seem to be the all users profile or the default user profile.


In the registry under HKEY_USERS I see the following

S-1-5-18
S-1-5-19

all the way to 21

When I look under printers and connections I see the infromation the network printer. Not sure where to look for the map drives.

0
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24790047
Ok well, I am sorry I can't be of anymore help. That last thing is your logon scripts, but I'd imagine you already checked those.
0
 

Assisted Solution

by:SilentOnes
SilentOnes earned 300 total points
ID: 24794537
Hi

removing the Default profile is not a problem
not replacing it may be

When I want a default setting to my users I do adjust one typical profile with all the settings i need
and then log from different users with admin rights
and in folders options set the system to show hidden files and system files
then rename "default user" profile to "default user - org"
my computer - properties - advanced - profiles
select the profile you set previously and copy to default users
set it to be used by everyone

I've been using this process for over ten years now
Hope this helps
0
 

Author Comment

by:Con366
ID: 24897692
I was able to fix the problems

for the printer issues, there turns out to be a pug in the newest version of pushprinterconnects.exe. Replaceing this file and adding and then removing the gpo from the machine fixed this problem.

the second issue of the map drive was from the default profile. A map drive was still on the administrators profile when sysprep was run. So it took those settings and made them the default user.

I am able to remove this drive manually, but by GPO would be better. But i will save that for another questions.

Since I only got 2  answers from anybody I will split the points up between you.

0
 

Author Closing Comment

by:Con366
ID: 31600374
thoug they did not give the solution to the problem, they did provide information for someones else if they come acroos this thread.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question