This article is complementary to my comments for Event ID 1000 from Userenv.
Before trying this, please note that I do not offer any warranty that it is applicable to your systems. The information is provided "as is" and you can use at your own risk. Unless you are comfortable using Active Directory management tools do not attempt to perform this on your production systems.
So to unlink the Default Group Policy follow these steps:
First, open up Active Directory Users and computers. Select the domain by a right-click and select properties:
This is the screen that will appear. Click on the ‘Group Policy’ tab:
Highlight the group policies one by one and click the ‘Delete’ button. Don’t worry, you’re not actually deleting the object, you’ll be prompted:
Make sure to select ‘Remove the link from the list’ as that will leave the GPO in place just in case:
Now you are done unlinking a GPO! Repeat this procedure if
you have more than one GPO. Once all GPO’s are unlinked, you should cease to
have the logon problem and may then re-create your GPO’s or re-link them one at a time making sure to carefully test each one after re-applying to ensure the problem doesn’t arise again. For this reason, Microsoft’s tech support recommended separating your policies, basically one policy per object.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.