Solved

Deleted group policy still active

Posted on 2011-03-25
13
781 Views
Last Modified: 2012-06-27
We recently moved our DC from a Server 2003 to a 2008R2 server and in the process of moving servers a group policy was deleted for redirected folders. The GP is still active and we can't seem to find how to eliminate it from AD. Is there a way to do this easily?
0
Comment
Question by:toadstool331
  • 4
  • 3
  • 2
  • +3
13 Comments
 
LVL 11

Expert Comment

by:nordtorp
ID: 35218001
The computers do not know what the default values without a policy are and therefore, you still have redirection set on the computers.

 When you remove a policy the computers still know the settings from the policy.
0
 
LVL 7

Expert Comment

by:chris_martin62
ID: 35218031
You you tried using gpotool.exe. Heres a link that tells you a little about it. http://technet.microsoft.com/en-us/library/cc784165(WS.10).aspx
0
 

Author Comment

by:toadstool331
ID: 35218052
So what is my next step? How do I eliminate the GP from all machines?
0
 
LVL 11

Expert Comment

by:nordtorp
ID: 35218123
The policies has set some permanent settings in registry, you have to reverse the settings set from the policy. Either by a client side extension policy with remove registry keys or some Clean Registry Policy software.
0
 
LVL 6

Expert Comment

by:Lee_YCP
ID: 35218229
I make no warranty about proposed registry changes.
See http://support.microsoft.com/kb/201453
To find the GPO Policies on the local machines in question
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History
see if the subkey for your GPO is still there and delete the subkey under History that coresponds to your policy
0
 
LVL 7

Expert Comment

by:chris_martin62
ID: 35218330
take alook at this it may help fix the broken GPO http://technet.microsoft.com/en-us/library/cc816765%28WS.10%29.aspx
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 35218417
If you want to stop folder redirection you need to do it the correct way.

http://support.microsoft.com/kb/888203

If you have already deleted the GPO then you might have to manually move the data back the local machines.
0
 
LVL 9

Expert Comment

by:binary_1001010
ID: 35218456
you can use dcgpofix.exe /target:dc{domain} to fix default domain policy issue.
0
 

Author Comment

by:toadstool331
ID: 35218492
FYI,
What I have in the registry is:

History
  {SubKey 1}
       0=Local Group Policy
       1=Stop Folder Redirect
       2=Windows Desktop Search
       3=Global Printer Policy
       4=Default Domain Policy
  {SubKey 2}
       0=Default Domain Policy

0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35218508
Again for redirected folders the policy is not active anymore you just didn't send the folders and contents back to the local computers which is the problem. Please read link I posted you will get better understanding of the issue
0
 

Author Comment

by:toadstool331
ID: 35218717
dariusq,
OK, I was able to make the changes to the Stop Folder Redirect Policy we made. I'm getting this error now. Suggestions?

Aborting redirection of folder My Documents. The new folder path cannot be a subdirectory of the current path. The folder is configured to be redirected to <\\iws-rds\users\%USERNAME%\My Documents>. Files were to be moved from <\\iws-rds\USERS\administrator> to <\\iws-rds\users\Administrator\My Documents>.
0
 
LVL 11

Expert Comment

by:nordtorp
ID: 35218744
See the answer post here
0
 

Author Closing Comment

by:toadstool331
ID: 35218802
You Rock!
0

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now