none
MDT 2012: deploy os - task sequence - deploy os Apply Local GPO Package RRS feed

  • Question

  • Hi,

    I created task sequence for deploying os

    in this task sequence I didn't deleted the - "Apply Local GPO Package"

    i deploy it on few computer and it make me problem with accessing programs

    I tried set default setting to local GPO on the deploy computer

    but it still blocking me some things on this machine

    How can I remove this local GPO package on deploy machine after It was set

    please help me

    Thanks.. 

    Saturday, January 31, 2015 12:02 PM

All replies

  • If you have AD configured, best option would be to make the desired modifications in GPO and let it handle updating the clients to your desired settings.

    Others have stated that using this command will do the trick:

    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

    However, per the article Microsoft does not recommend this for Win 7.  Try at your own risk...Informational Link: http://support.microsoft.com/kb/313222

    Another option would be to use SCM and create a new Local GPO and update the machines remotely.

    Before going to those extremes, I would recommend troubleshooting the issue on a system and then determining which Policy is causing the issue and address it via a single modification.  No sense in trying to kill a fly with a sledgehammer...

    Saturday, January 31, 2015 1:37 PM
  • Still same thing getting blocked

    not entering

    it's the sysaid webpage

    something block him

    on other computer without this GPO Package all works fine

    What is the problem?

    Sunday, February 1, 2015 4:41 AM
  • The fastest way is to set ApplyGPOPack=NO in the cs.ini and remimage those machines.

    These GPO packs applies strict local policies, and if you want to reverse that you need to create a GPO Pack that undoes the 130 some restrictrions that are enforced by the default packgages.

    In general it's quicker to reinstall the machines.

    / Johan


    Regards / Johan Arwidmark Twitter: @jarwidmark Blog: http://www.deploymentresearch.com FB: www.facebook.com/deploymentresearch

    Sunday, February 1, 2015 11:52 AM
    Moderator
  • yes,

    but i want to remove it / return it to default after deploying os with GPO PACKAGE

    what to do?

    Friday, February 6, 2015 7:28 AM
  • Okay, so the main issue is the "SysAid" website being blocked?

    Can the error message be elaborated on?  There are tons of potential GPs that could cause this.  Without knowing more on the exact error, one would be shooting in the dark.

    Again, do you have Active Directory running?  Simply enabling the "Apply Local GPO Package" will not really modify much, unless you have created a Local GPO for it to use.  If you did create a Local GPO, what settings did you configure?  That would be a good place to start.

    You could also simply run a RSOP from a DC (if you have AD Setup) on an Imaged Machine to see what Policies are set and troubleshoot from that perspective.  On a non-domain system, just launch "gpedit.msc" from an Administrative Command Prompt; then navigate to "Computer Configuration" - "All Settings".  On the middle pane, click the "State" item to sort/filter.  Then you can easily see which settings were configured and troubleshoot from there.

    Simply reverting to the default settings to address an issue with accessing a website seems counterproductive, since you will be undoing any other settings (especially Security) that you configured in the first place...

    Friday, February 6, 2015 1:12 PM
  • Sorry but, 

    how to run RSOP on the Imaged machine?

    Friday, February 6, 2015 5:54 PM
  • gpresult /v /h blah.html

    Run the above on machines with the GPO packs and then without the GPO pack. Look at the differences and make changes to reflect the one that works.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.



    Friday, February 6, 2015 6:28 PM
    Moderator