Solved

GPO settings still on computer after imaging

Posted on 2009-07-06
16
206 Views
Last Modified: 2012-05-07
One of my associates reconfigured a machines and choose to create a image form this machine. Unforutanly he didn't remove the group policies from the machines. So now when any user logs in it installs a network printer, and maps a drive to a old location that is not in use anymore.  




This image was then used on 90 pc's


My question is how can I remove all GPO's, printers, and map drives from the all users profile or Default user profile. I would like if possible remove all setting and make the all user profiles return to the default settings. It's possible that the gpo are not applying anymore, but the map drives and network printer are somehow stuck in the all users or default users profile


I'm putting the points high, because this is starting to become a big problem in our enviroment
0
Comment
Question by:Con366
  • 9
  • 6
16 Comments
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24789487
0
 
LVL 6

Accepted Solution

by:
ahmad2121 earned 400 total points
ID: 24789511
If you use the same image on all the pcs without running something like ghost walker, they will all have the same SID.. and if that is the case I would remove all the machines from AD, ghost walk them, then rejoin them again.
0
 

Author Comment

by:Con366
ID: 24789534
Already tried that

let me note the things I have already done

Already ran kb313222 fix
tried to delete the default and all user profile. Could not delete the allusers profile
Rejoin the machine to the domain and put it in a OU with no policy applied
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Con366
ID: 24789543
Newsid was ran on all the machines before joining them to the domain.

I can image a machines run newsid then join it to the domain and the settings are still there.

I belive it involves more than GPO settings as the map drive is also showing up for all users
0
 

Author Comment

by:Con366
ID: 24789552
Almost like something is stuck in the profile, from when the machines where sealed with sysprep.


Maybe I could delete the drives and printer, and reseal the machine?
0
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24789593
what about creating a new user then logging in with it (on that machine). Same thing happens?
0
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24789662
its probably a client application running enforcing those GPs. If you do a RSoP you would know for sure.

It would be best to disable non-microsoft services and then re-enable them until the culprit is found.

I had a similar situation with SCCM.
0
 

Author Comment

by:Con366
ID: 24789682
If I create a new user on the local machine. I get a warning about not being able to locate the defualt profile.

But when the profile loads it does not put the printer or map drive


I will need to reimage the machine again as i have made alot of changes to the machine. I also delete the default profile, so that may be part of the problem
0
 

Author Comment

by:Con366
ID: 24789710
I ran a Rsop and the output showed no GPO's still in place.


I am leaning to the default profile being messed up after sealing hte machine with sysprep.

0
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24789966
Never EVER delete the default profile folder! Profiles would not be created correctly.

All users - applies to all the users of the system
Default user - used for first time logins
0
 

Author Comment

by:Con366
ID: 24789973
ahmad2121,

I understand this, and have already correct this. As I explained I was trying to narrow the problem down, and tried a couple of things. Since then I have reimaged the machine.

I understand that the default profile should not be deleted.
0
 

Author Comment

by:Con366
ID: 24790043
I have reimaged the pc, and created another local user to see if the printer and map drive apply to that user account.


The printer and map drive get placed on the profile of a local account.

RSOP reports no policys being applied to the machines.

So the issue does seem to be the all users profile or the default user profile.


In the registry under HKEY_USERS I see the following

S-1-5-18
S-1-5-19

all the way to 21

When I look under printers and connections I see the infromation the network printer. Not sure where to look for the map drives.

0
 
LVL 6

Expert Comment

by:ahmad2121
ID: 24790047
Ok well, I am sorry I can't be of anymore help. That last thing is your logon scripts, but I'd imagine you already checked those.
0
 

Assisted Solution

by:SilentOnes
SilentOnes earned 100 total points
ID: 24794537
Hi

removing the Default profile is not a problem
not replacing it may be

When I want a default setting to my users I do adjust one typical profile with all the settings i need
and then log from different users with admin rights
and in folders options set the system to show hidden files and system files
then rename "default user" profile to "default user - org"
my computer - properties - advanced - profiles
select the profile you set previously and copy to default users
set it to be used by everyone

I've been using this process for over ten years now
Hope this helps
0
 

Author Comment

by:Con366
ID: 24897692
I was able to fix the problems

for the printer issues, there turns out to be a pug in the newest version of pushprinterconnects.exe. Replaceing this file and adding and then removing the gpo from the machine fixed this problem.

the second issue of the map drive was from the default profile. A map drive was still on the administrators profile when sysprep was run. So it took those settings and made them the default user.

I am able to remove this drive manually, but by GPO would be better. But i will save that for another questions.

Since I only got 2  answers from anybody I will split the points up between you.

0
 

Author Closing Comment

by:Con366
ID: 31600374
thoug they did not give the solution to the problem, they did provide information for someones else if they come acroos this thread.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Synchronize a new Active Directory domain with an existing Office 365 tenant
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question