ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Flushing GPOs

    Scheduled Pinned Locked Moved Unsolved IT Discussion
    serverserver 2008server 2012 r2server 2016server2012server2012r2gpogroup policy
    13 Posts 6 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dbeatoD
      dbeato @gjacobse
      last edited by

      @gjacobse said in Flushing GPOs:

      Okay - so I have a few GPOs that just don't seem to be working correctly.

      Is there a way - once the GPOs are deleted to force purge them from the work stations? I seriously need to start at net zero to fix a prolifera of issues.

      You need to setup the settings to Delete or changed to not configured, wait until it applies and then delete the GPOs after confirming they are not applied any longer.

      gjacobseG 1 Reply Last reply Reply Quote 2
      • gjacobseG
        gjacobse @dbeato
        last edited by

        @dbeato

        For each Policy set to not configured - then deleted..

        and by each,.. if there are 60 Policies,.. it has to be done 60 times....

        dbeatoD 1 Reply Last reply Reply Quote 0
        • dbeatoD
          dbeato @gjacobse
          last edited by

          @gjacobse said in Flushing GPOs:

          @dbeato

          For each Policy set to not configured - then deleted..

          and by each,.. if there are 60 Policies,.. it has to be done 60 times....

          😞 Otherwise the settings are applied still.

          1 Reply Last reply Reply Quote 1
          • Reid CooperR
            Reid Cooper @gjacobse
            last edited by

            @gjacobse said in Flushing GPOs:

            Is there a way - once the GPOs are deleted to force purge them from the work stations? I seriously need to start at net zero to fix a prolifera of issues.

            The GPOs action a setting, they don't remember what the setting used to be. So no amount of "removing" a GPO will make something "go back to the way it was before." GP doesn't work that way.

            If you have a light switch, and you make a GPO that says "Turn the Light to On", then every time it runs, it makes sure that the switch is in the "on" position.

            But it never records if it was "on" or "off" before the first time GP was used. So if you remove that GPO, it just stops enforcing it to "on", but it has no way to know how to revert it to the original state. GP doesn't include the capability of reversion.

            1 Reply Last reply Reply Quote 1
            • DashrenderD
              Dashrender
              last edited by

              from a user side, you can delete the user profile and that basically starts it over.. but no clue on doing that for the computer side, other than rebuild machine.

              gjacobseG 1 Reply Last reply Reply Quote 0
              • gjacobseG
                gjacobse @Dashrender
                last edited by

                @dashrender said in Flushing GPOs:

                from a user side, you can delete the user profile and that basically starts it over.. but no clue on doing that for the computer side, other than rebuild machine.

                Delete the user profile and delete all user data,.. work etc... not really all that practical.

                DashrenderD 1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @gjacobse
                  last edited by

                  @gjacobse said in Flushing GPOs:

                  @dashrender said in Flushing GPOs:

                  from a user side, you can delete the user profile and that basically starts it over.. but no clue on doing that for the computer side, other than rebuild machine.

                  Delete the user profile and delete all user data,.. work etc... not really all that practical.

                  yeah, it was only a listing of a possible option.

                  1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender
                    last edited by

                    If you still have the old GPOs yeah you can set them to unset.

                    If you don't because you delete them.. restore them from backup.

                    1 Reply Last reply Reply Quote 1
                    • black3dynamiteB
                      black3dynamite
                      last edited by black3dynamite

                      What about using loopback processing in replace mode and then set it to enforce instead?

                      1 Reply Last reply Reply Quote 0
                      • dbeatoD
                        dbeato
                        last edited by

                        @gjacobse anything came out of this?

                        1 Reply Last reply Reply Quote 0
                        • thwrT
                          thwr
                          last edited by thwr

                          @dbeato said in Flushing GPOs:

                          You need to setup the settings to Delete or changed to not configured, wait until it applies and then delete the GPOs after confirming they are not applied any longer.

                          Get-Content c:\temp\gpos.txt | foreach { Get-GPO -Name "$_" | Remove-GPO }
                          

                          http://jeffwouters.nl/index.php/2013/08/remove-group-policy-objects-through-powershell/

                          I bet you could do something like this to set all GPOs to "on delete remove from client" too

                          thwrT 1 Reply Last reply Reply Quote 1
                          • thwrT
                            thwr @thwr
                            last edited by

                            @thwr said in Flushing GPOs:

                            @dbeato said in Flushing GPOs:

                            You need to setup the settings to Delete or changed to not configured, wait until it applies and then delete the GPOs after confirming they are not applied any longer.

                            Get-Content c:\temp\gpos.txt | foreach { Get-GPO -Name "$_" | Remove-GPO }
                            

                            http://jeffwouters.nl/index.php/2013/08/remove-group-policy-objects-through-powershell/

                            I bet you could do something like this to set all GPOs to "on delete remove from client" too

                            This assumes a txt file with all GPO names. You could also just use Get-GPO

                            1 Reply Last reply Reply Quote 2
                            • 1 / 1
                            • First post
                              Last post