Forum Discussion
revert settings from GPO
Hello, I tried to disable the ability for our RDS terminalserver users to install windows updates respectively I wanted to disable the message about new updates. So I changed our windows updates...
Possibilities -I
When any group policies using Group Policy Editor (gpedit.msc), all policies are stored in the following folders:
C:\Windows\System32\GroupPolicy
C:\Windows\System32\GroupPolicyUsers.
To reset or remove all applied group policies, you just need to delete these 2 folders: GroupPolicy and GroupPolicyUsers.
Force the policy
Possibilities-II
The gPLink attribute holds a list of all Group Policy containers linked to the container and a number for each listed Group Policy container, that represents the Enforced (previously known as No Override) and Disabled option settings. The list appears in priority order from lowest to highest priority GPO.
The gPOptions attribute holds an integer value that indicates whether the Block Policy Inheritance option of a domain or OU is enabled (0) or disabled (1).
Navigate to mentioned OU, where the servers reside, and ensure the GPlink option based GUID is still available even after removing the GPO
When any group policies using Group Policy Editor (gpedit.msc), all policies are stored in the following folders:
C:\Windows\System32\GroupPolicy
C:\Windows\System32\GroupPolicyUsers.
To reset or remove all applied group policies, you just need to delete these 2 folders: GroupPolicy and GroupPolicyUsers.
Force the policy
Possibilities-II
The gPLink attribute holds a list of all Group Policy containers linked to the container and a number for each listed Group Policy container, that represents the Enforced (previously known as No Override) and Disabled option settings. The list appears in priority order from lowest to highest priority GPO.
The gPOptions attribute holds an integer value that indicates whether the Block Policy Inheritance option of a domain or OU is enabled (0) or disabled (1).
Navigate to mentioned OU, where the servers reside, and ensure the GPlink option based GUID is still available even after removing the GPO
- thank you for the reply!
I tried option 1 and deleted the GroupPolicy and GroupPolicy-User folder in system32.
after gpupdate /force and some additional reboots the folders still don`t get generated automatically again.
In my oppinion the server does not pull any new GPOs / GPO sesstings from the AD.- Check any events %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
I have tested this by deleting all the subfolders from the root folder and event says
Next policy processing for domain\user will be attempted in 102 minutes.I have a similar problem. After disabling WSUS server and removing the associated GPO. It seems that the GPO is still active because I am still seeing the message “*Some settings are managed by your organization” on all my DC, servers and Windows 10 clients. I have ran gpresult /h gpreport.html and checked resultant set of policy. I am unable to detect where the GP is still be applied. Any help will be appreciated.
