Group Policy Not Updating: Old Printer Settings Still Showing Up

By
Dan
-
0
4
Asked By CuriousCoder92 On

I'm facing a frustrating issue with Group Policy Management. We had some printer deployments configured in the default domain policy, which I know is generally not best practice. Recently, we deleted those printer deployment settings from that policy and created a new GPO specifically for them. It's been about a week since we made this change, but when I run the Group Policy Results Wizard for a user on a remote computer, it still shows that the default domain policy would deploy those printers!

I've double-checked the default domain policy, and the printer settings are definitely gone. I even tried the dcgpofix /ignoreschema /target:domain command to reset it, but the wizard still reflects the old, deleted settings. The client workstations are experiencing issues too, with some old printers appearing and disappearing, causing print spooler problems. Just for context, we're running a single on-prem 2022 Standard Domain Controller that holds all roles, and we've recently migrated everything from an old Server 2016 to the new Server 2022. All DCDiag tests pass successfully, so I'm a bit at a loss here.

2 Answers

Answered By TechSavvyGuru On

This sounds like a case of GPO tattooing, which happens when settings are applied directly to the machines and don't quite get cleared out even after you've removed them from the GPO. Did you create a separate GPO to actively remove those settings, or did you just delete them from the original policy? If you haven't done a removal GPO, that could explain the lingering issues.

Answered By ClearCutAdmin On

You're definitely not alone in facing this! When settings are deleted from GPOs, sometimes the endpoints hold on to those cached settings. You can manually purge the Group Policy caches on the affected machines if you have a lot of them. Here’s how:
1. Log into the endpoint as a local admin.
2. Delete the Group Policy and GroupPolicy folders in %programdata%.
3. Restart the workstations and run a `gpupdate /force` as a domain user afterward.

Alternatively, you could create opposing settings in the GPO. For instance, if the printers were set to 'enabled', set them to 'disabled' instead. This way, the tattooing should clear up as the new policies override the old ones.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.