Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How do you remove a policy from a client with removing the GPO?

Status
Not open for further replies.
Saavyd

Saavyd

MIS
May 3, 2006
13
US
I have a windows 2000 Domain Controller that I use to apply Group Policy on several windows XP machines. My problem is that company policy for computers keeps changing, so I have to edit the GPO constantly. Sometimes I find it easier to create a new OU with the GPO settings that I want and mover the users and user into the new OU. But when I do this I find that the new settings are not taking affect, in fact they are keeping the settings from the last GPO they were in.

I ran the GPOTOOL.EXE and found the old policies as well as the new policies were still in affect on these computers. I only want the policy from the new OU to apply not the old ones. I don’t want to delete the old GPO because some users need to be in this OU still.

Anyone know how to remove unwanted polices from the client with out removing the GPO out of active directory?
 
Sort by date Sort by votes
The problem you have now is with policies defined at various levels of the domain (domain level, site level and OU level). In your case, I assume you have policies defined at domain level and OU level. Here, users and computers in the OU will receive policies defined at both the levels. If you have a setting defined at the domain level policy and this conflicts with the OU level policy, the policy applied last will be effective. The order in which group policies apply:

1. The local Group Policy object (LPGO) is applied.
2. GPOs linked to sites.
3. GPOs linked to domains
4. GPOs linked to organizational units (OUs). In the case of nested OUs, GPOs associated with parent OUs are processed prior to GPOs associated with child OUs.

Also you have to consider "Block Policy Inheritance" and "No override" settings.

Please post back if you have more questions.

-Keshav
 
Upvote 0 Downvote
It all depends how you have linked the policies. If you have removed the user AND the computer from the scope of any policy, unless you are using custom policy edits for policy preferences, no policy should be retained.

Hope this Helps.

Neil J Cotton
njc Information Systems
Systems Consultant
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
981
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
580
DrB0b
DrB0b
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
944
gbaughma
gbaughma
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
801
goombawaho
goombawaho
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
480
fightaccording
fightaccording

Part and Inventory Search

Sponsor

Back
Top