One of Microsoft’s latest patches changes the security context of GPO processing for the user policies. This is a new ‘feature’ not a bug, its a new way of securing GPO processing.
You can read Microsoft’s KB on it from KB316622
sdmsoftware has a powershell script to automate the security change for you.
It would be nice if Microsoft gave more of a warning on this change. Instead the patch is released and it can cause GPO’s not to apply as expected because the new requirements for security.
Not what I wanted to be working on today. We will be patching this weekend.