Unsolved Flushing GPOs
-
Okay - so I have a few GPOs that just don't seem to be working correctly.
Is there a way - once the GPOs are deleted to force purge them from the work stations? I seriously need to start at net zero to fix a prolifera of issues.
-
@gjacobse said in Flushing GPOs:
Okay - so I have a few GPOs that just don't seem to be working correctly.
Is there a way - once the GPOs are deleted to force purge them from the work stations? I seriously need to start at net zero to fix a prolifera of issues.
You need to setup the settings to Delete or changed to not configured, wait until it applies and then delete the GPOs after confirming they are not applied any longer.
-
For each Policy set to not configured - then deleted..
and by each,.. if there are 60 Policies,.. it has to be done 60 times....
-
@gjacobse said in Flushing GPOs:
For each Policy set to not configured - then deleted..
and by each,.. if there are 60 Policies,.. it has to be done 60 times....
Otherwise the settings are applied still.
-
@gjacobse said in Flushing GPOs:
Is there a way - once the GPOs are deleted to force purge them from the work stations? I seriously need to start at net zero to fix a prolifera of issues.
The GPOs action a setting, they don't remember what the setting used to be. So no amount of "removing" a GPO will make something "go back to the way it was before." GP doesn't work that way.
If you have a light switch, and you make a GPO that says "Turn the Light to On", then every time it runs, it makes sure that the switch is in the "on" position.
But it never records if it was "on" or "off" before the first time GP was used. So if you remove that GPO, it just stops enforcing it to "on", but it has no way to know how to revert it to the original state. GP doesn't include the capability of reversion.
-
from a user side, you can delete the user profile and that basically starts it over.. but no clue on doing that for the computer side, other than rebuild machine.
-
@dashrender said in Flushing GPOs:
from a user side, you can delete the user profile and that basically starts it over.. but no clue on doing that for the computer side, other than rebuild machine.
Delete the user profile and delete all user data,.. work etc... not really all that practical.
-
@gjacobse said in Flushing GPOs:
@dashrender said in Flushing GPOs:
from a user side, you can delete the user profile and that basically starts it over.. but no clue on doing that for the computer side, other than rebuild machine.
Delete the user profile and delete all user data,.. work etc... not really all that practical.
yeah, it was only a listing of a possible option.
-
If you still have the old GPOs yeah you can set them to unset.
If you don't because you delete them.. restore them from backup.
-
What about using loopback processing in replace mode and then set it to enforce instead?
-
@gjacobse anything came out of this?
-
@dbeato said in Flushing GPOs:
You need to setup the settings to Delete or changed to not configured, wait until it applies and then delete the GPOs after confirming they are not applied any longer.
Get-Content c:\temp\gpos.txt | foreach { Get-GPO -Name "$_" | Remove-GPO }
http://jeffwouters.nl/index.php/2013/08/remove-group-policy-objects-through-powershell/
I bet you could do something like this to set all GPOs to "on delete remove from client" too
-
@thwr said in Flushing GPOs:
@dbeato said in Flushing GPOs:
You need to setup the settings to Delete or changed to not configured, wait until it applies and then delete the GPOs after confirming they are not applied any longer.
Get-Content c:\temp\gpos.txt | foreach { Get-GPO -Name "$_" | Remove-GPO }
http://jeffwouters.nl/index.php/2013/08/remove-group-policy-objects-through-powershell/
I bet you could do something like this to set all GPOs to "on delete remove from client" too
This assumes a txt file with all GPO names. You could also just use
Get-GPO