Preventing Orphaned GPO’s


There are various different reasons why you might want to remove a computer from a domain within your network. Regardless of the reason, you have to be careful that you take notice of group policy being applied to the computer in order to prevent “orphaned” GPO’s.

An orphaned GPO is the result of what happens when you remove a computer from a domain without removing its applied Group Policy Objects. In order to prevent this from happening, it is a good idea to first move the computer in Active Directory into an OU that has no GPO’s applied to it before removing it from the domain completely. It is also a good idea to make sure that this OU is blocking policy inheritance from OU’s above it. Doing this will completely ensure that you all group policy settings are removed from the computer in question.

***


Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris’s specialties include general network administration, windows server 2003, wireless networking, and security. You can view Chris’ personal website at www.chrissanders.org.

1 thought on “Preventing Orphaned GPO’s”

  1. Chris… I purchased a workstation from my work when I retired. It was part of a domain and therefore had many active directory GPO’s. I was unaware that it was not removed from AD prior to the purchase. One of the policies blocks wifi from being enabled and I need it to connect to the internet at home. Is there any way of removing all of those old policies without access to a DC? Thanks in advance for your help.

    Alan

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top