Alvin Abraham
asked on
How do I remove Group Policies on a Windows 2008 Server
In an attempt to secure servers a group policy was created and applied. There were all sorts of changes. Stopping services, Permissions on registry, etc.
I basically want to remove all the changes or reset the Policies/permissions back to basics.
I have moved the computers to other OU's and did gpupdate /force and it still has the old policies and permissions.
I have also removed the registry key: HKLM\SOFTWARE\Policies\Mic rosoft\
Still nothing.
I basically want to remove all the changes or reset the Policies/permissions back to basics.
I have moved the computers to other OU's and did gpupdate /force and it still has the old policies and permissions.
I have also removed the registry key: HKLM\SOFTWARE\Policies\Mic
Still nothing.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i ran gpresult and i don't see the GUID.
Run gpotool from the resouce kit and you will get the GUID.
Hi,
Some policies get tattoed in the registry and hence apply even when the policy is not actually applying.
Please try this:
"Process even if the Group Policy Objects have not changed" under User Configuration\Administrati ve Templates\System\Group Policy
This will refresh the group policies once again.
What you can try is to re-apply that GPO and then force updation of GPOs on clients and the again remove it and see if it removes them this time. Also, check for and GPO removal settings if they are there before removing the GPO this time. and again update GPOs.
If this does not help, we might need to make manual changes in the registry.
regards,
Arun.
Some policies get tattoed in the registry and hence apply even when the policy is not actually applying.
Please try this:
"Process even if the Group Policy Objects have not changed" under User Configuration\Administrati
This will refresh the group policies once again.
What you can try is to re-apply that GPO and then force updation of GPOs on clients and the again remove it and see if it removes them this time. Also, check for and GPO removal settings if they are there before removing the GPO this time. and again update GPOs.
If this does not help, we might need to make manual changes in the registry.
regards,
Arun.
ASKER
himvy:
I was about to do the ADSIEDIT but this just removes the policy from Group Policy right?
Or does it remove it from the machine?
ark-ds:
I don't see this
"Process even if the Group Policy Objects have not changed"
PS: I have a Windows 2003 Domain.
gp.jpg
I was about to do the ADSIEDIT but this just removes the policy from Group Policy right?
Or does it remove it from the machine?
ark-ds:
I don't see this
"Process even if the Group Policy Objects have not changed"
PS: I have a Windows 2003 Domain.
gp.jpg
Hi,
I apologize, it should be in here :
Computer Configuration/Administrato ve Templates/System/Group Policy/ "Registry Policy Processing" and in there, is the option which says "Process even if there is no policy change".
I apologize, it should be in here :
Computer Configuration/Administrato
It will remove the policy from the group policies.
If you want just the default policies ,you can run a tool DCGPOFIX /ignoreschema.
This will give you default domain policy and default domain controller policy.Then you can create any other GPO you want as per your requirement.
ASKER
Ok i just want the group policy removed from 1 machine. I dont want to remove all group policies from AD.
ASKER
I just have to re create these machines. The whole thing is a mess
ASKER
This is probably the right answer until the develop something to remove old policies
Run gpresult and try to get the GUID of the policiy.
Then go to ADSIEDIT /SYSTEM/POLICY/GUID of the policy and delete it.