The customer told me, that the system acted abnormal and a regular gpupdate report’s some strange issues with some policies.

Turned out, that they moved the server between organizational units (OUs) and that created issues with Group Policy Objects from the domain and older local Group Policy Objects.

We decided to remove all Group Policy Objects completely and re-apply everything from scratch!

rem Restore Local Security Policies to default
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

rem Remove Group Policy Objects
RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
RD /S /Q "%WinDir%\System32\GroupPolicy"

rem Apply the Group Policy
gpupdate /force

All of the above must be executed within an elevated session. And you should keep in mind, that the commands above will remove everything. Especially the secedit can remove more then you might want. So use this with caution!