With the recent flurry of migrations away from Windows 2003 you may see some migrated Group Policies (GPOs) reporting ghost settings for folder redirection or Internet Explorer Maintenance that no longer exist. Here’s how to remove them.
Internet Explorer Maintenance Policies
Internet Explorer Maintenance Policies were deprecated after IE9 and Microsoft made alternative options available. If you migrate a policy from Windows Server 2003 to 2012 you may find that you can no longer edit the Internet Explorer Maintenance Policies settings, as they no longer show up in the GPO editor (hint: if you need to edit the settings, try a Windows XP machine with the admin tools installed).
Annoyingly, the Internet Explorer Maintenance Policies do still appear in GPO settings or RSOP reports after migrating to Windows 2012 despite the fact they can no longer be edited or deleted. If you no longer need the settings here’s how to remove them. (Based on MS KB2722241)
- Firstly you need to find the GUID of the GPO. From Group Policy Management find the GPO in question, select it and click on the Details tab. Make a note of the Unique ID.
- From AD Users and Computers make sure Advanced Features is turned on (View > Advanced Features).
- Browse the tree to System > Policies > GPO GUID (the Unique ID).
- Right click the GUID and select Properties.
- In the dialog box click the Attribute Editor tab.
- Scroll down and double click gPCUserExtensionNames attribute.
- A dialog box with a long text string appears.
N.B. This lists all the extensions associated with the user side of the GPO. Each extension is enclosed in [] square brackets. The text is difficult to edit in the small text box, so I like to cut and paste the entire string into Notepad, save a copy as a rollback, then edit the text and paste it back, ensuring the existing text is completely replaced.
- To remove Internet Explorer Maintenance Policies delete ONLY the following from gPCUserExtensionNames: [{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
- Ensure that all other entries in gPCUserExtensionNames remain intact in their [] brackets or you will break the GPO.
- Click OK and check it has worked by refreshing the GPO settings report in the GP Management console.
Removing GPO Folder Redirection Extensions
A similar situation can occur if you remove Folder Redirection Settings from a policy: you may see that the GPO settings report still lists an empty Folder Redirection section or when running GPUpdate on a client PC it may tell you that some policies will only apply at log on.
Following the same procedure as above, remove the following extension from the GPO's gPCUserExtensionNames attribute:
[{25537BA6-77A8-11D2-9B6C-0000F8080861}{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}]
As always be very careful when manually editing AD Attributes and always make sure you have a roll back plan in case things go wrong!
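Both removals above can also be done from PowerShell. The following is an added example, not part of the original post or the KB article: it saves the attribute to a rollback file, removes only the two extension blocks quoted above, and leaves every other block untouched. It assumes the GroupPolicy and ActiveDirectory RSAT modules are installed; the GPO name is a hypothetical placeholder.

```powershell
# Added example. Requires the GroupPolicy and ActiveDirectory RSAT modules.
Import-Module GroupPolicy, ActiveDirectory

$GpoName = 'Migrated User Policy'   # hypothetical display name, replace with your GPO

# Extension blocks quoted in the article
$Remove = @(
    '[{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]'  # IE Maintenance
    '[{25537BA6-77A8-11D2-9B6C-0000F8080861}{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}]'  # Folder Redirection
)

# Get-GPO exposes the Unique ID (.Id) and the DN under System > Policies (.Path)
$gpo      = Get-GPO -Name $GpoName
$obj      = Get-ADObject -Identity $gpo.Path -Properties gPCUserExtensionNames
$original = [string]$obj.gPCUserExtensionNames

# Rollback copy of the untouched attribute value
$backup = Join-Path $env:TEMP ("{0}-gPCUserExtensionNames.txt" -f $gpo.Id)
Set-Content -Path $backup -Value $original -Encoding ASCII
Write-Host "Rollback copy saved to $backup"

# Split the string into its [] blocks and refuse to continue if anything
# falls outside a bracket pair (the string is not in the expected shape)
$blocks = @([regex]::Matches($original, '\[[^\[\]]*\]') | ForEach-Object { $_.Value })
if (($blocks -join '') -ne $original) {
    throw 'gPCUserExtensionNames is not a clean sequence of [] blocks; edit by hand.'
}

# Keep every block except the two listed above (-notcontains ignores case)
$kept = @($blocks | Where-Object { $Remove -notcontains $_ })
$new  = $kept -join ''

if ($new -eq $original) {
    Write-Host 'Neither extension block is present; nothing to change.'
    return
}

Write-Host "Removing $($blocks.Count - $kept.Count) block(s), keeping $($kept.Count)."

# -WhatIf makes this a dry run; remove it to write the change to AD
if ($new) {
    Set-ADObject -Identity $obj -Replace @{ gPCUserExtensionNames = $new } -WhatIf
} else {
    Set-ADObject -Identity $obj -Clear gPCUserExtensionNames -WhatIf
}
```

To roll back, write the contents of the saved file back with the same `Set-ADObject -Replace` call, then refresh the GPO settings report to confirm.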
Great blog – This helped me a great deal!
Glad it helped 🙂
This was driving me crazy. Thanks for the guide!
Very nice way to fix the IEM issue.