Group Policy Patch MS16-072– “Breaks” GP Processing Behavior

Posted on by

One of Microsoft’s latest patches changes the security context of GPO processing for the user policies. This is a new ‘feature’ not a bug, its a new way of securing GPO processing.

You can read Microsoft’s KB on it from KB316622

sdmsoftware has a powershell script to automate the security change for you.

It would be nice if Microsoft gave more of a warning on this change. Instead the patch is released and it can cause GPO’s not to apply as expected because the new requirements for security.

Not what I wanted to be working on today. We will be patching this weekend.