Solved

Deleted group policy still active

Posted on 2011-03-25
13
821 Views
Last Modified: 2012-06-27
We recently moved our DC from a Server 2003 to a 2008R2 server and in the process of moving servers a group policy was deleted for redirected folders. The GP is still active and we can't seem to find how to eliminate it from AD. Is there a way to do this easily?
0
Comment
Question by:toadstool331
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3
13 Comments
 
LVL 11

Expert Comment

by:nordtorp
ID: 35218001
The computers do not know what the default values without a policy are and therefore, you still have redirection set on the computers.

 When you remove a policy the computers still know the settings from the policy.
0
 
LVL 7

Expert Comment

by:chris_martin62
ID: 35218031
You you tried using gpotool.exe. Heres a link that tells you a little about it. http://technet.microsoft.com/en-us/library/cc784165(WS.10).aspx
0
 

Author Comment

by:toadstool331
ID: 35218052
So what is my next step? How do I eliminate the GP from all machines?
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 11

Expert Comment

by:nordtorp
ID: 35218123
The policies has set some permanent settings in registry, you have to reverse the settings set from the policy. Either by a client side extension policy with remove registry keys or some Clean Registry Policy software.
0
 
LVL 6

Expert Comment

by:Lee_YCP
ID: 35218229
I make no warranty about proposed registry changes.
See http://support.microsoft.com/kb/201453
To find the GPO Policies on the local machines in question
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History
see if the subkey for your GPO is still there and delete the subkey under History that coresponds to your policy
0
 
LVL 7

Expert Comment

by:chris_martin62
ID: 35218330
take alook at this it may help fix the broken GPO http://technet.microsoft.com/en-us/library/cc816765%28WS.10%29.aspx
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 35218417
If you want to stop folder redirection you need to do it the correct way.

http://support.microsoft.com/kb/888203

If you have already deleted the GPO then you might have to manually move the data back the local machines.
0
 
LVL 9

Expert Comment

by:binary_1001010
ID: 35218456
you can use dcgpofix.exe /target:dc{domain} to fix default domain policy issue.
0
 

Author Comment

by:toadstool331
ID: 35218492
FYI,
What I have in the registry is:

History
  {SubKey 1}
       0=Local Group Policy
       1=Stop Folder Redirect
       2=Windows Desktop Search
       3=Global Printer Policy
       4=Default Domain Policy
  {SubKey 2}
       0=Default Domain Policy

0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35218508
Again for redirected folders the policy is not active anymore you just didn't send the folders and contents back to the local computers which is the problem. Please read link I posted you will get better understanding of the issue
0
 

Author Comment

by:toadstool331
ID: 35218717
dariusq,
OK, I was able to make the changes to the Stop Folder Redirect Policy we made. I'm getting this error now. Suggestions?

Aborting redirection of folder My Documents. The new folder path cannot be a subdirectory of the current path. The folder is configured to be redirected to <\\iws-rds\users\%USERNAME%\My Documents>. Files were to be moved from <\\iws-rds\USERS\administrator> to <\\iws-rds\users\Administrator\My Documents>.
0
 
LVL 11

Expert Comment

by:nordtorp
ID: 35218744
See the answer post here
0
 

Author Closing Comment

by:toadstool331
ID: 35218802
You Rock!
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question