Solved

Group Policy MachineCNF

Posted on 2016-09-27
1
46 Views
Last Modified: 2016-10-02
In ADSIEdit unter 'System\Policies' I have some Conflict Objects (MachineCNF). Can they be safely deleted?
0
Comment
Question by:albatros99
1 Comment
 
LVL 6

Accepted Solution

by:
sAMAccountName earned 500 total points
ID: 41818057
They can, but dont use ADSIEdit.  Thats a jackhammer when a finish hammer is sufficient.  (Im a strong poroponent of never using ADSIEdit since theres no real input validation and typos can be catastrophic).  You can easily delete them using explorer or powershell.  

It's important you make sure the conflicting item that matches the CNF-<GUID> has the proper contents before you delete the CNF-{GUID} folder... S, for each CNF-{GUID} policy object folder, you should have a corresponding folder with the same {GUID}.  Use gmpc to view the policy that corresponds to the GUID to make sure the settings are correct, then use a workstation that should be in the policies scope to make sure its applying correctly.  If everything checks out, you can delete it...

If you do this, its best to do it on the PDC which is the authority for group policies and the DFSr replication group.  Doing it elsewhere can cause more CNF folders to appear (though this is more likely in large volatile environments)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question