New Group Policy Patch MS16-072– “Breaks” GP Processing Behavior

For the Windows Admin folks in the house. If you are getting ready to drop patches (or have already) and are experiencing GP issues, this might explain it and also might help fix it.

This morning I woke up to an email from a fellow Group Policy MVP–Martin Binder–warning that folks were seeing GP Processing issues after the recent slew of Patch Tuesday updates were applied. Indeed, I had noted late on Tuesday via Twitter.

And you’d removed Authenticated Users completely from the GPO’s delegation, then GPO processing for per-user settings would fail after applying MS16-072. As the day went on, I mostly ignored this issue, until tonight I read the KB article surrounding this patch in detail. Specifically, there’s a section called Known Issues where it says the following:

“MS16-072 changes the security context with which user group policies are retrieved. This by-design behavior change protects customers’ computers from a security vulnerability. Before MS16-072 is installed, user group policies were retrieved by using the user’s security context. After MS16-072 is installed, user group policies are retrieved by using the machines security context”

Um….that’s big. What it’s saying is that per-user GP processing has fundamentally changed. 

Read more.

Da Boss!

Website: www.digitalsmind.com Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.