Enhanced security through
Group Policy Object reports

Enhanced security through Group Policy Object reports

Group Policy Objects (GPOs) reflect an organization's policy needs on security, printer management, power settings, and so on. These existing organizational policies may undergo changes as new policies come up, forcing admins to create new GPOs or change existing ones. GPOs that were previously in use, GPOs created for testing purposes, and other unwanted GPOs can accumulate in Active Directory (AD) over time.

Two typical reasons for GPO clutter in AD are unlinked GPOs and empty GPOs. Whether these GPOs aren't linked to any nodes or they simply don't have any settings, they take up unnecessary space in your AD database. From a security perspective, removing unwanted GPOs is critical, especially since these GPOs could later be wrongly linked to an AD object and cause issues. Routine AD cleanup can help you optimize your database by removing the GPO clutter that has developed over time.

Cleaning up empty GPOs

Identify long-forgotten test GPOs using ADManager Plus' All GPOs & Linked AD Objects report. View all the GPOs in your AD, including their linked objects and settings. Wondering how to detect empty GPOs? If a GPO's Computer Version and User Version are listed as zero, that GPO doesn't have any settings. Once you've identified empty GPOs, you can easily delete them from the GPO reports console itself.

Figure 1. Empty GPOs listed under the All GPOs & Linked AD Object report in ADManager Plus.

Steps to identify and delete empty GPOs using ADManager Plus

  • Click GPO Reports under AD Reports.
  • Open the All GPOs & Linked AD Objects report, then click Generate.
  • From the list of GPOs, select the GPOs with the Computer Version and User Version parameter listed as zero.
  • Click Delete to remove the empty GPOs from AD.

Cleaning up unused GPOs

GPOs in your AD that were previously linked to containers, but are now unlinked due to policy changes, can cause issues, especially if they're relinked to some other important container. ADManager Plus'  Unused GPOs report makes it easy to find and delete unlinked GPOs. 

Figure 2: Unlinked GPOs listed using ADManager Plus' Unused GPOs report.

Steps to identify and delete orphaned GPOs using ADManager Plus:

  • Click GPO Reports under AD Reports.
  • Open the Unused GPOs report, then click Generate.
  • Select the GPOs you'd like to remove, then click Delete. This deletes the orphaned GPOs and protects your AD from any potential security issues.

Try ADManager Plus for free

Download Now

30 days free trial

Request for personalized demo

  • Name
  • Email *
  • Phone Number *
  • Country
  • By clicking 'Submit', you agree to processing of personal data according to the Privacy Policy.

© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.