Group policy is not applying/working after patching (GPO Permission issues)

By | June 21, 2016

You may face GPO issues after installing Microsoft security patch MS16-072, like Printers installed through group policy is not working, Drive mapping is not working and any other typical GPO  problems caused by group policy settings aren’t getting applied to the client systems, affected operating systems are Windows 8.1& 10, Windows Server 2008 and 2012 R2

Also Read: Difference between Windows cumulative update and native Microsoft Windows update

Microsoft release MS16-072 to fix the vulnerability in Microsoft Windows which break the production Group Policy, what really changes and why this issue occurs, how to prevent and fix this

Also Read: Compare Installed Windows Security Patches with affected and non-affected Servers to isolate and fix the issue on Windows Server

Issue:

Group policy with the security filtered may fail to apply

Why:

Normally all security filtered Group policies will have a read and apply permission to the respective security groups, so that policy will apply only those users who member of the security group

This issue occurs if read permission is missing to the computers account which user is using

Solution:

A simple solution is you should add the Active Directory computer account to a security group or give Domain computers group / Authenticated Users to read permission to fix this issue for all the domain-joined computers, steps are

  • Open GPMC.MSC (Group Policy Management Console)
  • Select the policy
  • on the right side of the console, select delegation
  • Add the Authenticated Users and select read Permissions
  • Add the Domain Computers and select read permissions

Also Read: Windows Group Policy Interview Questions and Answers

This patch does not affect the Computer-based policies, only affects User policies and use the above procedure to fix the issue, more about the patch (https://support.microsoft.com/en-us/kb/3163622)

More about Windows Server 2016 and Windows Server 2012 

One thought on “Group policy is not applying/working after patching (GPO Permission issues)

Leave a Reply

Your email address will not be published. Required fields are marked *