Group police is still apllied although it was deleted from the server

B

Bartosz Wegrzyn

I created a policy for application redirection and folder redirection.
I wanted to remove that policy, so I simply deleted it from the
server.
Still, it is applied to the client computers as it would exist.
I did mistake, because I did not configure the option to put the files
back to original folder after policy is deleted.
Now I cant add new similar policies like the above.
Also the old policy is still applied.
WHY???

logs from the userenv looks like this:

USERENV(bc.a4) 20:19:39:926 MyRegUnLoadKey: Hive unload for
S-1-5-21-436374069-1604221776-1177238915-1115 failed due to open
registry key. Windows will try unloading the registry hive once a
second for the next 60 seconds (max).
USERENV(bc.a4) 20:20:39:926 MyRegUnLoadKey: Windows was not able to
unload the registry hive.
USERENV(bc.a4) 20:20:39:926 MyRegUnLoadKey: Failed to unmount hive 5
USERENV(bc.a4) 20:20:39:926 UnloadUserProfile: Didn't unload user
profile <err = 5>
USERENV(bc.a4) 20:20:39:926 DumpOpenRegistryHandle: 2 user registry
Handles leaked from \Registry\User\S-1-5-21-436374069-1604221776-1177238915-1115
USERENV(bc.1f8) 20:26:48:668 ProcessGPOs: Extension Folder Redirection
ProcessGroupPolicy failed, status 0x4d3.

Please help.
 
G

Guest

You need to create a policy that points to the location that the data is
currently located at. Ensure that all users have logged on and received the
updated policy.
Once that has been done you can change the policy to move the data to
another share location. The reason this occurs is when the policy is
applied the settings are saved in the users profile so when you just deleted
the profile those settings stay inplace unless the, move to original
location was selected.
 
C

Cary Shultz [A.D. MVP]

As James stated, you did not give the 'system' a chance to learn about the
deletion. Usually when you want to remove a GPO - whatever it might be -
the suggested way is to simply unlink it from that level ( either Site,
Domain or OU ). Then, the next time that the affected users log off and
then back on ( if the GPO was assigned\published to the user configuration
side ) or the affected computers are rebooted ( if the GPO was assigned to
the computer configuration side ) the user / computer receives the 'unlink'
notification and that GPO is removed/not applied. After you are sure that
all affected user accounts / computer accounts have received this
'notification' then you should go ahead and select the second option (
delete this GPO from the domain ).

HTH,

Cary
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top