Remove GPO from member server that will not join the domain anymor

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a member server that will not join the domain anymore. Account group
policies are applied to the server already force from the domain ad.

Now I want the account group policy (or the complete gpo) to be removed from
the server as this server will join his own workgroup. As this server is in
an other country it is not possible to re-install the server.

Question
If the server will be removed from the domain and join it to its own
workgroup and you change the account policies will the policy be accepted?

I hope someone can help as I can't take much risk on this server!

Regards,
Serge.
 
Serge said:
I have a member server that will not join the domain anymore. Account group
policies are applied to the server already force from the domain ad.
Click to expand...

"Not join"? Or "not connect" anymore?
Now I want the account group policy (or the complete gpo) to be removed from
the server as this server will join his own workgroup. As this server is in
an other country it is not possible to re-install the server.
Click to expand...

That should happen for almost all settings when you remove
it from the domain. (System Control panel)
Question
If the server will be removed from the domain and join it to its own
workgroup and you change the account policies will the policy be accepted?
Click to expand...

Sure. (It's supposed to work; why do you doubt this?)
 
Hi Herb,

Thanks for you answers to my questions.

The first reason why I doubt this is because the policies are applied to the
server already and I'm not 100% sure how strong the inheritence will work on
the policies if the server will be removed from the domain to join it to his
own workgroup. And the second reason is that the server is in France and I'm
in The Netherlands so if I'm not 100% sure the risk that that I take is that
I have to travel to France to fix it over there.

This answer confirms what I already expected. Thanks for you help.

Regards,
Serge.
 
Almost all policies do not permanently mark a machine.

The exceptions include (the obvious) changes to file or
registry permissions where the objects themselves are
changed by the policy.

Permanent changes were a notorious problem (called
"tattooing") back in NT policies and were pretty must
fixed in Win2000.

If you end up with anything missing or extra you can
change it in the local GPO (LGPO) of the machine.
 
Hi Herb,

I removed the server from the domain and put it in his own workgroup now. No
effective settings are applied to the server anymore! That's exactly what was
ment to be.

You really helped me out. Thanks for that.

Regards,

Serge.
 
Back
Top