Recreate the Local Group Policy Cache in Windows

Happy Monday!

This is something I ran into a while back, and it has come in handy on several occasions.

For those who may be unaware (as I was before stumbling upon this trick), Windows maintains a local cache of all the Group Policy settings that are applied to that particular system. This cache can occasionally become corrupt or de-synchronized with the domain controller, which can cause a variety of issues including failure to apply new Group Policy settings or changes to existing policies. When this occurs, the quickest and easiest way that I’ve found to correct it is to clear and recreate this local cache.

To clear the local GPO cache, make sure you can view hidden files and folders and perform the following:

  1. Browse to C:\ProgramData\Microsoft\Group Policy\History (Windows 7 / Server 2008)
  2. Delete all of the contents under the History folder
  3. Open the command prompt and run GPUpdate /force
  4. Reboot the system
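
The four steps above as a PowerShell script, added here as an example and not part of the original post. It assumes an elevated session and the Windows 7 / Server 2008 path from step 1; the backup folder under %TEMP% is a choice made for this example so the deleted cache can be inspected afterwards.

```powershell
# Added example: scripted form of the manual steps, with a backup taken first.
# Elevation check that also works on the PowerShell 2.0 shipped with Windows 7.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning 'Run this from an elevated PowerShell session.'
    return
}

# Step 1: path given in the post (Windows 7 / Server 2008).
$historyPath = Join-Path $env:ProgramData 'Microsoft\Group Policy\History'
# Assumption: backup location picked for this example.
$backupPath  = Join-Path $env:TEMP ('GPHistory-backup-{0:yyyyMMdd-HHmmss}' -f (Get-Date))

if (-not (Test-Path -LiteralPath $historyPath)) {
    Write-Warning "History folder not found at $historyPath; nothing to clear."
    return
}

# -Force includes hidden and system items; @() keeps .Count valid for 0 or 1 item.
$items = @(Get-ChildItem -LiteralPath $historyPath -Force)
if ($items.Count -gt 0) {
    # Keep a copy of the cached state before removing it.
    New-Item -ItemType Directory -Path $backupPath | Out-Null
    $items | Copy-Item -Destination $backupPath -Recurse -Force
    Write-Host "Backed up $($items.Count) item(s) to $backupPath"

    # Step 2: delete the contents but leave the History folder itself.
    $items | Remove-Item -Recurse -Force
}

# Step 3: reapply all policy settings.
& gpupdate.exe /force
if ($LASTEXITCODE -ne 0) {
    Write-Warning "gpupdate exited with code $LASTEXITCODE; check the event logs before rebooting."
    return
}

# Step 4: reboot. -Confirm asks first so the restart is never unattended.
Restart-Computer -Confirm
```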

I initially came across this while troubleshooting a Windows 7 client that was flat out refusing to apply new Group Policy settings. After ruling out the new GPO itself by checking it for content errors and verifying that it was linked up to the proper OU in Active Directory, that the link order was correct, and that security filtering was properly configured, I turned to the client for additional troubleshooting. A GPResult confirmed that the new GPO wasn’t being read and, other than some generic Group Policy errors, the Event Logs proved inconclusive. So I eventually turned to the web and came across this article on the Windows Server TechNet forums where someone mentioned attempting to clear the local GPO cache, which worked like a charm.

8 comments

  1. Fantastic!

    Spent the last few weeks fighting with an error where some clients were not updating a logon message properly. The correct version of the GPO existed on all 3 DCs, couldn’t figure out how (or where) it was getting the old version from.

    Just tried this method, forced a reboot remotely and it works!

    Thank you 😀

    1. Try this path: C:\Windows\System32\GroupPolicy (hidden of course)

      It was only the settings for my Local GPO, but I found its location when I tried to edit the GPO (using the MMC snap-in) and when I tried to save, it claimed “You do not have permissions” (but I did). Lucky for me, I had another server that had a working copy of those settings (mainly auditing in my case) and I could copy them over.

      Funny thing was, the MMC showed everything just as it should be, but it wouldn’t save it (first time I’d seen that error).

      Good Luck

  2. Also, you can try deleting this database file (DW, it is recreated after gpupdate /force): C:\WINDOWS\security\Database\secedit.sdb
