If nothing has changed since the last time the GPO was applied, then the GPO is skipped.
Computer Configuration\Administrative Templates\System\Group Policy
Description: Specifies how often Group Policy for computers is updated while the computer is in use (in the background).
After MS16-072 is installed, user group policies are retrieved by using the machine's security context.
This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.
PowerShell script: MS16-072 – Known Issue – Use PowerShell to Check GPOs
So, while it seems Microsoft is sort of blaming customers for their implementations of Group Policy security, there's a bigger factor here I hope doesn't get lost in the shuffle.
We can thank Microsoft for delivering the recommended resolutions, but those didn't deliver until AFTER the patch caused customer pain.
Isn't this something that should've been identified during testing?
The issue, as it turns out, is due to how customers have implemented Group Policy permissions.
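One way to audit for the permission gap described above (Read missing for both Authenticated Users and Domain Computers). This is an added example, not the script the page links to; the function names are hypothetical and the sample SIDs are constructed.

```powershell
# Added example: flag GPOs where neither Authenticated Users (S-1-5-11)
# nor Domain Computers (domain SID ending in RID 515) holds a permission that includes Read.
$ReadLevels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'

function Test-ComputerCanReadGpo {
    param([Parameter(Mandatory)] [object[]] $Permission)
    foreach ($ace in $Permission) {
        $sid = [string]$ace.Trustee.Sid
        $isTarget = $sid -eq 'S-1-5-11' -or $sid -like 'S-1-5-21-*-515'
        if ($isTarget -and $ReadLevels -contains [string]$ace.Permission) { return $true }
    }
    return $false
}

function Get-GpoMissingComputerRead {
    # Live audit: needs the GroupPolicy module (GPMC/RSAT) and a domain-joined session.
    Import-Module GroupPolicy -ErrorAction Stop
    foreach ($gpo in Get-GPO -All) {
        $perms = Get-GPPermission -Guid $gpo.Id -All
        if (-not (Test-ComputerCanReadGpo -Permission $perms)) {
            [pscustomobject]@{ DisplayName = $gpo.DisplayName; Id = $gpo.Id }
        }
    }
}

# Constructed sample ACLs so the check can be exercised without a domain.
function New-SampleAce($Sid, $Level) {
    [pscustomobject]@{ Trustee = [pscustomobject]@{ Sid = $Sid }; Permission = $Level }
}
$dom = 'S-1-5-21-1111111111-2222222222-3333333333'   # constructed domain SID
$filtered = @(   # security-filtered to one group, Authenticated Users removed
    New-SampleAce "$dom-1105" 'GpoApply'
    New-SampleAce "$dom-512"  'GpoEditDeleteModifySecurity'
)
$repaired = $filtered + (New-SampleAce "$dom-515" 'GpoRead')

Test-ComputerCanReadGpo -Permission $filtered   # the ACL shape the known issue describes
Test-ComputerCanReadGpo -Permission $repaired   # same ACL with Domain Computers: Read added
```

The check covers only the two groups the known-issue text names; a GPO that grants Read to individual computer accounts or another computer group would still be listed by `Get-GpoMissingComputerRead` and needs a manual look.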
Yesterday, I raised a red flag about a security patch from Microsoft this week that is breaking Group Policy for a number of customers.
If they find changes, they apply them during the next interval.
If you need to apply the change immediately, you can use the following command to trigger the updating process: This command compares the currently applied GPO to the GPO that is located on the domain controllers.
Agreed; learned about the issue here first, and it's not the first time that's happened.
Group Policy settings refresh automatically every 90 minutes, with a random offset of 0 to 30 minutes so that not all computers in the domain refresh their Group Policy settings at the same time.