Old GPO settings keep returning

By wilde ·
Multiple DC's running 2003 R2 SP2
One domain
Clients running XP SP2
Default Domain Policy is untouched

The problem:
A Custom GPO with Internet Explorer 6.1 settings, such as Starting page and Proxy settings. These settings have changed and have become more complex. So I decided to setup a new GPO for a select test group.
This seemed to work after several dozen logons from various workstations, so it was time to go live.
The old GPO was emptied and deleted and replaced with the new one. However, the old settings are still being displayed. A GPO Result query returned the settings coming from a GPO with one of those {FE525-....} names.
Now since this is a fairly large network I blamed it on replication issues, but this turned out to be a wild goose chase because every other (minor) change to GPO's replicated like the wind.
Since this wasn't a really big problem and there is other work to be done I decided to let it rest for a couple of days, but even after that the queries still returned the same.
I decided to get the old GPO back, which I backed up, and remove the newly made.
It loaded to the clients like it should. So I made the necessary changes in that GPO just to see what would happen.
Nothing! Not one thing changed. GPO Result queries kept returning the old values coming from the newly edited and correct GPO.

It has me stumped.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by wilde In reply to Just a thought...

The hardware config is indeed the same. All HP D530's, the ones with and the ones without the problem.

I agree though, I've seen many post here and on MS'KB concering NIC's, especially Gb NIC's, which those HP D530's have. But forcing them to 100Mb, as suggested by MS, didn't do a thing.
Image one computer and the problem is gone. I really want to rule out connectivity as a source of the problem.

What I meant with that <i>'winning policy' is always the one with the only settings'</i> statement was, there is no other policy with Internet Explorer settings. Even if I remove that policy and let the changes replicate across the domain it still shows those settings, with as a winning policy an unknown policy with one of those {FE542-....} names.

Create a new one, with a different name and the old one, with the old name and settings returns! So it does use some sort of ADM of other tangable entity as a cache, however it doesn't replace it for some reason.

I might want to add, that is doesn't seem to matter what DC I use to get the policies from, I've tried four, all with the same results.

But hey! Keep doubting what I say, I must be the one overlooking something. So thanks again!

Collapse -

did you delete...

by NaughtyMonkey In reply to .

from group policy management and verify that the policy was actually deleted. Maybe it is lingering and causing a problem.

I don't doubt you or your abilities, just need to cover all bases and have it clear for others that might come across this post later trying to solve the same or a similar problem.

Collapse -


by wilde In reply to did you delete...

I know, you're right, I need to cover all my bases. Hence, I ask you guys to fire away :)

Before the policy was deleted it was cleared out first, all settings removed. It's what I always do, because when working with custom ADM (preference settings) you need to do this (or disable them) or else settings will indeed linger.

Then I deleted it. But there was still a reference to it in the RSoP, although it was to a name that wasn't present in the SYSVOL folder or anywhere as on any of the domain controllers.

But I wish to reiterate that the GPO runs well from the DC point of view. It's the workstations that just won't renew/replace it.

Collapse -

Try this, it worked for me

by JPabroad In reply to yup

Hi, try this. It worked for me.

Create a test gpo and link it to an existing OU for testing purposes(idealy affecting the problem workstation(s)). Put the changes you want in this test gpo. Now enable, enforce, link the gpo and check off block inheritance.
Next go to users and computers (on the server) and make a user(with the problem WS) in the above test OU a member of Administrators.
Run gpudate /force on server.
Go to the users' workstation(as above) and run gpupdate /force or reboot.
Vuala, you should see the changes.
Let us know how it worked out.
P.S. Once the gpo issue is resolved, remove the user from being member of Admin grp


Related Discussions

Related Forums