404 Tech Support

A script to clear cached Group Policies

I ran into an instance last week where Group Policy was coming into question – specifically, why a computer wasn’t receiving new or updated policies. The problem ended up being related to Deep Freeze not thawing correctly and stuck group policies being the symptom, not the problem.

Despite the innocence of the GPO, I cobbled together a quick script to purge all of the tracks that I knew of where Group Policy could hide. This batch script deletes the cached group policies and the security database. It then kills the Kerberos ticket to request another and performs a group policy update. Ideally, you would restart after the script but since that might interfere with the troubleshooting, I left it out of the script.

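@echo off
REM Delete the cached Group Policy history
DEL /S /F /Q "%ALLUSERSPROFILE%\Application Data\Microsoft\Group Policy\History\*.*"
REM Delete the policy registry keys (recreated by gpupdate /force)
REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies /f
REG DELETE HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies /f
REM Delete the local security database
DEL /F /Q C:\WINDOWS\security\Database\secedit.sdb
REM Purge the Kerberos tickets so new ones are requested
klist purge
REM Reapply all policies
gpupdate /force
exit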

Don’t worry, the HKLM and HKCU registry keys get recreated with the gpupdate /force. Unfortunately, deleting at that level is the only way to delete the various subkeys and values.
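Because the script deletes whole registry keys and the security database, a backup taken first makes the purge reversible. The following is an added example, not part of the original post; the backup folder name and the output file names are assumptions.

```batch
@echo off
REM Added example: back up everything the purge script deletes.
REM The BACKUP folder and the file names below are assumptions.
setlocal

REM REG DELETE on HKLM and deleting secedit.sdb need an elevated prompt;
REM "net session" fails with a non-zero errorlevel when not elevated.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this from an elevated command prompt.
    exit /b 1
)

set "BACKUP=%SystemDrive%\GPPurgeBackup"
if not exist "%BACKUP%" mkdir "%BACKUP%"

REM Remove old exports first so REG EXPORT never prompts to overwrite.
if exist "%BACKUP%\HKLM-Policies.reg" del /f /q "%BACKUP%\HKLM-Policies.reg"
if exist "%BACKUP%\HKCU-Policies.reg" del /f /q "%BACKUP%\HKCU-Policies.reg"

REM Export both Policies keys. HKCU is the hive of the account running
REM this prompt, the same hive the purge script's REG DELETE would touch.
reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies" "%BACKUP%\HKLM-Policies.reg"
reg export "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies" "%BACKUP%\HKCU-Policies.reg"

REM Keep a copy of the local security database.
copy /y "%SystemRoot%\security\Database\secedit.sdb" "%BACKUP%\secedit.sdb"

REM Record the policies applied before the purge for later comparison.
gpresult /z > "%BACKUP%\gpresult-before.txt"

echo Backup written to %BACKUP%
endlocal
```

The exported keys can be restored with `reg import`, and running `gpresult /z` again after `gpupdate /force` shows whether the same policies were reapplied.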