?
Solved

How do I reset all domain group policy to defaults.

Posted on 2010-11-15
12
Medium Priority
?
1,086 Views
Last Modified: 2012-05-10
Hello everyone.  

I have a small problem in group policy.  I had a 2003 R2 DC.  Then I added a 2008 Std & then a 2008 R2 Ent. DC.  Then I removed the 2003 R2 from the domain.  Raised the domain and forest functional level to 2008.

I'm having problems with Offline files on some windows 7 and XP computers.  I have my group policy off.  (default)  With GP off, a couple workstations are still trying to sync offline files to the 2003 R2 DC, which is not in the domain anymore.  I removed the Offline GP before I removed the 2003 R2 DC.  I also checked that its not applied anymore.  Right now, gpresult gives me nothing that will help.

 I also have System Center Essentials Installed, and that's the only GP that is applied.

In the GP "SCE Managed Computers Group Policy (MAIN_MG)" I'm getting an error- telling me I have to update my ADM files.  How do I update them, and which ones?

Please help.  
(I'm from Russia, and a couple of my servers are in Russian, so posting logs.. or something... I think will not help, unless you know Russian ))).  Please ask, I will try to translate my logs and errors as close as possible to the original English Server OS)

Thanx
0
Comment
Question by:Alex-Dryagin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +2
12 Comments
 
LVL 22

Expert Comment

by:Radhakrishnan R
ID: 34135947
After removing  old DC from the domain via ntdsutil or dcpromo, you have to manually remove the dns entry for the old server from your dns console & Active directory sites and service, If not, the client will always look for the old server which is not in the domain.

"Good Luck"
0
 
LVL 1

Author Comment

by:Alex-Dryagin
ID: 34136229
Did that just right after I ran dcpromo...
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34136912
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 
LVL 24

Accepted Solution

by:
Awinish earned 2000 total points
ID: 34136943
You need to reapply the policy with modified the setting the changes can be applied & make it not configured & apply on those affected pc.

Sometime, removing the system from the domain should quit all the GPO settings but if its not, you need to manually delete the entry from registry or repair the system.

Try below KB, which might help you & its applied for windows 7 too.
http://support.microsoft.com/kb/313222

http://blogs.technet.com/b/askds/archive/2009/03/12/how-to-properly-disable-offline-files-in-windows-vista.aspx

http://forums.cnet.com/7723-6142_102-125598.html


0
 
LVL 20

Expert Comment

by:Iain MacMillan
ID: 34136956
normally i would suggest putting the 2003 DC back online, but you have raised the domain level up, which is a one way process as far as i know.  The offline sync issue with XP systems might be due to the change in GP not propagating through your LAN before you shut the old DC down, but as long as you disable use of it on your current domain policy, then it should stop some if the issues until you get everything else fixed.  if you demoted the old DC correctly and waited for propagation and sync, then you shouldn't need to make changes in Sites and Services.  Check your DNS and DHCP scope properties as well, and make sure only your current DC's are listed.  You might want to check any systems which do not list on the DHCP, as they likely have static addresses which will reference the old DC (such as other servers, printers and test systems).

that said i know how to reset the domain if you have 2003 DC's, not sure if the same process will work for 2008 - let me know if you wish me to post the details.

I have both types of DC for many reasons, XP does not use the ADMX templates that Win 7 and 2008 do, and I still have 2003 Exchange server, so i use a 2003 DC Server to help with policies and using Exchange System Manager (I now run Win 7 64bit, which cannot run ESM 2003).
0
 
LVL 1

Author Comment

by:Alex-Dryagin
ID: 34140084
dariusg, Thak you for the link.

This is what I forgot to do... big mistake.
Important All users who are affected by your GPO modification must log off and back on to any computers where they have logged on before the changes are applied. You must apply these changes to the user's computer before you go to the next step.

Is there a way to undo or clear the GP that is probably still being applied?

What can I do?  Removing the computer from the domain and then back doesn't help... any ideas?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34140148
You need to make sure that the GPO is gone or readd the GPO back then properly stop the redirection. Or you can go into the registry to remove the key that holds this information
0
 
LVL 1

Author Comment

by:Alex-Dryagin
ID: 34147281
The thing is, I can't re-add the GPO back because someone deleted it when I was on a vacation...  but, before I removed the GPO, I properly stopped folder redirection.  The thing is I forgot that users who are affected by your GPO modification must log off and back on....  So I have the GPO someplace in the registry that is still being applied to some computers that I don't see.

Where can I find the GPO in the registry?

Many thanx in advance!
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34147472
Did you check the link i posted?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34147637
0
 
LVL 1

Author Closing Comment

by:Alex-Dryagin
ID: 34154491
Simple and clear
0
 
LVL 1

Author Comment

by:Alex-Dryagin
ID: 34154498
Thanx everyone for the help!!  Topic closed.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question