Who broke my GPOs? User GPOs no longer applying.

I stumbled on this gem today.

Basically, if you use Security Filtering on a User GPO, it may no longer work because of Microsoft patch MS16-072, which was released on June 14, 2016.

See https://blogs.technet.microsoft.com/askpfeplat/2016/07/05/who-broke-my-user-gpos/

This is an excellent article and explains it very well.

Basically, this Microsoft patch changes the way that GPOs are processed.

In summary:

After applying the appropriate patch to your systems, User group policies are retrieved from SYSVOL differently than before. Prior to the update, domain joined computers used the user’s security context to make the connection and retrieve the policies. After the update is applied, domain joined computers will now retrieve all policies using the computer security context.

What this means is that if you have used Security Filtering on a GPO with User scope, and you do not have "Authenticated Users" in the list of delegates with Read permissions, you need to add "Domain Computers" with Read permission. Otherwise the users will not get their GPOs.

Also, you need to change the default permissions in GPMC or AGPM for new GPOs, so that this permission is added.
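
One way to find the GPOs affected by the change described above, as an added example (not from the original post or the linked Microsoft article). It assumes the GroupPolicy RSAT module is installed and that it runs under an account allowed to read GPO delegation; the function name `Test-GpoComputerRead` is hypothetical, and the two groups are matched by SID rather than by display name.

```powershell
# Added example: list GPOs that computer accounts cannot read after MS16-072.
Import-Module GroupPolicy

# Permission levels that include Read. A 'GpoCustom' ACE is not counted,
# so GPOs relying on custom ACEs are reported for manual review.
$readLevels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'

function Test-GpoComputerRead {
    # Hypothetical helper: returns $true when Authenticated Users or
    # Domain Computers holds a non-denied permission that includes Read.
    param([Parameter(Mandatory)] $Gpo)

    foreach ($ace in (Get-GPPermission -Guid $Gpo.Id -All)) {
        $sid = $ace.Trustee.Sid.Value
        $isAuthUsers      = $sid -eq 'S-1-5-11'            # Authenticated Users
        $isDomainComputer = $sid -like 'S-1-5-21-*-515'    # Domain Computers (RID 515)

        if (($isAuthUsers -or $isDomainComputer) -and
            -not $ace.Denied -and
            $readLevels -contains [string]$ace.Permission) {
            return $true
        }
    }
    return $false
}

# Audit: every GPO in the current domain that fails the check.
$missing = Get-GPO -All | Where-Object { -not (Test-GpoComputerRead -Gpo $_) }
$missing | Sort-Object DisplayName | Format-Table DisplayName, Id, GpoStatus -AutoSize

# Remediation preview: grant Read (not Apply) to Domain Computers, so the
# Security Filtering list still decides which users the GPO applies to.
# Remove -WhatIf after reviewing the list above.
foreach ($gpo in $missing) {
    Set-GPPermission -Guid $gpo.Id -TargetName 'Domain Computers' `
        -TargetType Group -PermissionLevel GpoRead -WhatIf
}
```

The audit covers all GPOs, not only those with User settings, so review the list before removing `-WhatIf`.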
