The curious case of the missing Group Policy Object

I joined a new Windows 8 tablet to one of my SBS2011 domains today, and upon attempting to run a gpupdate (which should collect the policy settings from the server and apply them) I got the following error:

The processing of Group Policy failed. Windows attempted to read the file \\MYDOMAIN.local\SysVol\MYDOMAIN.local\Policies\{7A91350F-E4F4-488B-87E9-1553740DCB6F}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved.

I did a quick check on my domain controllers and found there was indeed no such folder. The next step is to find out which Group Policy Object the GUID 7A91350F-E4F4-488B-87E9-1553740DCB6F refers to. There’s a Microsoft article here with a few methods, however that mainly applies to Windows 2000 and 2003, and we now have the joys of PowerShell, which makes this much easier.

Firstly we need to open Powershell and import the module that contains the cmdlets that we need – in this case the module called “grouppolicy”:

Import-module grouppolicy

Then we simply need to call get-gpo with the –Guid switch and the GUID from the error:

Get-GPO Guid {7A91350F-E4F4-488B-87E9-1553740DCB6F}

This returns the following: powershell

This tells us that the client computer is looking for a policy called “Windows SBS Client – Windows 8 Policy”. I checked the Group Policy manager, and there is indeed no such policy – which is much as I expected, I’ve never seen or created such a policy – the question now on my mind is why did the Windows 8 client look for this policy when it’s never existed in my active directory? Another question for another day I believe – for now we just need to acquire or create such a policy.

It looks as though creating the policy manually would suffice, this seems to be described here however a bit of research revealed that this is automagically created as part of the Update Rollup 3 for Windows Small Business Server 2011, which is far easier…

I downloaded and applied the update, waited for replication to complete and re-ran the GPUpdate on my client, which completed successfully.

3 Comments

  1. I am not a “server”, just one PC with an iPad. Does that make me a “server”? I downloaded something that installed a horrible bunch of devious installations (no I did not “click” install) trying to out-race it’s installation, it went in anyway and made a horrible mess of things. One thing is that Group Policy is gone. I am not saavy so even reading your post didn’t help me much. I could follow your easy (and I say EASY) instructions but don’t have another computer. I only wanted to regain control of my PC. I fear I have to start over and just got windows 10 all in place. It took a week to get back to that point and I found a cute prog that changed the folder icons to color, on Giveawayoftheday. Not that the site nor the prog did it, but after I reset and went back to get my 10 back in place, found my preinstalled win8.1 was now a win7, oh hecka. And there were so many intrusions I can’t find them all, malwarebytes missed it all as did defender. I’m stuck with can I clean this up with GP?

    • Admin

      I’m afraid Group Policy won’t help you in this instance; it’s only applicable in a server/domain environment. From the sounds of it your computer’s been infected pretty badly – the only “safe” solution would be to back up all your important files and then re-install Windows, either from a disk or from the recovery partition on the PC.

  2. Eric

    Thank you for the article, it was helpful in identifying the policy in question. I had to modify the syntax slightly from your article to get the command to work in Windows Server 2012. In my case it was Get-GPO -Guid “{AC8B65F1-4775-438A-A89D-B65163376A73}”.

    It turns out that the policy returned was “DisplayName : SpiceworksAudit” and the corresponding guid folder didn’t exist either. So now I’m off to see if I can simply delete this policy.

Leave a Comment

*