I have a handful of machines that retain old group policy data, specifically incorrect information for the Windows Update settings. In particular, these machines point to an old intranet WSUS address. All policies have been updated to reflect the new server address, but these machines have not accepted the updated information. I have scoured all GPOs to make sure there is nothing that still points to the old address, and there is not. I have removed and created new GPOs to get a fresh start, but no luck.
The machines are desktops and laptops running XP Pro SP3 and all servers are 2008 R2 SP1.
So far I have tried the following to no avail:
- gpupdate /force...no change
- updating the GP info manually on the machine, but it reverts to the old info
- deleting the reg keys for the info and running gpupdate /force, but it returns the old info
- remove PC from domain and re-join...no change
- I have been through all of the Windows Update troubleshooting information and everything tests fine (can reach the server, can download the wuident.cab file, have done all the client self update troubleshooting and resets)...all to no avail
- I have run gpresult and all the data is correct, the right GPOs are applying
- I have checked to make sure both User and Computer Configurations are set to apply
- there are no GP restrictions in place, nothing is configured to keep the policy from applying
- I have modified other group policy settings to make sure the GPOs are applying and discovered that only part of the Computer Configuration is applied...specifically anything within Windows Settings is applied, however I can't find any settings from within Administrative Templates that are being applied.
What has worked, but only temporarily, is the following:
- Delete HKLM\Software\Microsoft\Windows\CurrentVersion\GroupPolicy
- ipconfig /flushdns
- arp -d *
- reboot and the correct settings will apply consistently in all cases.
The problem is that after a while the old settings reappear.
I have checked the Event Viewer on these machines looking for SceCli errors, but all of them report that the policy is applying successfully.
gpedit.msc reports that the local policy is empty, so I don't think the problem lies there; however, I plan to test this more thoroughly by disabling all GPOs from applying to a specific machine and then checking the local policy again.
I have not been able to find any permanent solution so far and welcome any help I can get.
Thanks!