A subset of our pcs are no longer doing software scans since local computer policy is not working on these pcs (local computer policy mmc snapin won't load, gpupdate /force fails etc).  

We need to delete C:\Windows\System32\GroupPolicy\Machine\registry.pol which resolves the issue.

So I can create a task sequence or program package to delete the file but I would prefer to target this at a collection based on the scan failed specific error codes (there are two of them)?

Thanks

David

Well you could use baseline configurations script to do a gpupdate and if this failed have the script deleted the pol or just return non compliant and make a collection about it.

Also more simple WQL for failed update.(but did not test it) this might give you a working PC that as failed the update.

http://it.peikkoluola.net/2014/01/03/get-all-workstations-with-failed-software-updates-wql/

Since the issue is locally on a client i would use some sort of baseline with script to do the job. You could also deploy a powershell script that does all the logic of validating the pol key for the one that is broken and deleting it.

This is just my 2 cent hope it help you