Skip to main content

Posts

Showing posts from October, 2016

Who broke my GPO's? User GPOs no longer applying.

I stumbled on this gem today. Basically, if you use Security Filtering on a User GPO, it may not work any more due to Microsoft Patch  MS 16-072 , which was released on June 14, 2016. See https://blogs.technet.microsoft.com/askpfeplat/2016/07/05/who-broke-my-user-gpos/ This is an excellent article and explains it very well. Basically, this Microsoft patch changes the way that GPO's are processed. In summary: After applying the appropriate patch to your systems, User group policies are retrieved from SYSVOL differently than before. Prior to the update, domain joined computers used the user’s security context to make the connection and retrieve the policies. After the update is applied, domain joined computers will now retrieve all policies using the computer security context. What this means is that if you have used Security Filtering on a GPO with User scope, and you do not have "Authenticated Users" in the list of delegates with Read permissions, you need to add "...