The customer told me, that the system acted abnormal and a regular gpupdate
report’s some strange issues with some policies.
Turned out, that they moved the server between organizational units (OUs) and that created issues with Group Policy Objects from the domain and older local Group Policy Objects.
We decided to remove all Group Policy Objects completely and re-apply everything from scratch!
rem Restore Local Security Policies to default
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
rem Remove Group Policy Objects
RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
RD /S /Q "%WinDir%\System32\GroupPolicy"
rem Apply the Group Policy
gpupdate /force
All of the above must be executed within an elevated session. And you should keep in mind, that the commands above will remove everything. Especially the secedit
can remove more then you might want. So use this with caution!