Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Why do some machines retain old group policy data?

Posted on 2011-09-23
9
Medium Priority
?
371 Views
Last Modified: 2013-07-18
I have a handful of machines that retain old group policy data, specifically incorrect information for the Windows Update settings.  In particular, these machines point to an old intranet WSUS address.  All policies have been updated to reflect the new server address but these machines have not accepted the updated information.  I have scoured all GPO's to make sure there is nothing that still points to the old address and there is not.  I have removed and created new GPO's to get a fresh start, but no luck.

The machines are desktops and laptops running XP Pro SP3 and all servers are 2008 R2 SP1.

  So far I have tried the following to no avail:
-gpupdate /force...no change
-updating the GP info manually on the machine, but it reverts to the old info.
-deleting the reg keys for the info and running gpupdate /force - but it returns the old info
-deleting the entire Group Policy data from HKLM\Software\Microsoft\Windows\CurrentVersion\GroupPolicy...reboot, no change, gpupdate /force - this has worked a couple of times, but not consistently
-remove PC from domain and re-join...no change
-I have been through all of the Windows Update troubleshooting information and everything tests fine (can reach the server, can download the wuident.cab file, have done all the client self update troubleshooting and resets...all to no avail
-I have run gpresult and all the data is correct, the right GPO's are applying
-I have checked to make sure both User and Computer Configurations are set to apply
-there are no GP restrictions in place, nothing is configured to keep the policy from applying
-I have modified other group policy settings to make sure the GPO's are applying and discovered that only part of the Computer Configuration is applied...specifically anything within Windows Settings is applied, however I can't find any settings from within Administrative Templates that are being applied.

I have found one 'Extra Registry Setting' in the Administrative Templates which no longer has a category in the GPOE, so I've been wondering if I need to update the ADMX files to fix this?  If so, how do I do that?

I'm a little lost at this point...I'm self taught, so to have gotten here has been a lot of work and I have exhausted Google for anything that might help me, I've read all the posts on this info and tried anything and everything suggested to those who have had similar problems, but have not gained any ground.  Any input will be appreciated.

Thanks!
0
Comment
Question by:smartens3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 13

Accepted Solution

by:
BCipollone earned 2000 total points
ID: 36588636
Have you tried clearing the cache from command prompt?  Is the new server the same name as the old one?

ipconfig /flushdns
arp -d *
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 36588736
Have you ran:

wuauclt /resetauthorization /detectnow
0
 

Author Comment

by:smartens3
ID: 36588741
The new server is a different name, so it should be obvious when/if the change takes effect.

I had not tried clearing the cache, but I have now.  I ran gpupdate /force following that and the settings changed instantly!  I think the problem is solved.

Could you explain this situation to me?  I'd like to understand what was wrong and why this fixed it.

Thanks!
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:smartens3
ID: 36588747
Yes, I had run "wuauclt /resetauthorization /detectnow" and it worked in one case only.
0
 
LVL 13

Expert Comment

by:BCipollone
ID: 36588911
I wish I could answer your question as to why...  however I tell my friends this:  

"If you want me to fix the problem it will take a few minutes.  If you want me to figure out how it broke it will take a few days."

0
 

Author Comment

by:smartens3
ID: 36588942
Well, thanks for the solution nonetheless.  I have spent days getting to this point, I'll take an easy fix.
0
 

Author Comment

by:smartens3
ID: 36939648
Sorry to come back to this question again...it would appear the solution was only temporary.  Many of my machines have reverted to their old settings after some time.  Any ideas why this would be happening?  After receiving new info from Group Policy and applying it successfully for some time (days/weeks), why would the settings change, where would the machines get this info from?
0
 

Expert Comment

by:davidjuste
ID: 39335710
I have the same problem. I do a gpupdate /force update and the policy applies, however, after the reboot it reverts back to the old GPO. Any ideas?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 39336654
@davidjuste

This question has been long since answered and probably not even monitored anymore...You will need to open a fresh question to get any responses.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question