User group policy not updating
Before MS16-072 is installed, user group policies were retrieved by using the user’s security context.After MS16-072 is installed, user group policies are retrieved by using the machines security context.I am unable to determine how and why those terminals fail to update to the correct GPO. Try clearing the Group Policy cache locations - delete the folders Program Data\Group Policy and Program Data\Microsoft\Group Policy. If things still aren't working after that, have a look at your event log and update your question with anything relevant.These folders only contains 1 other empty folder Trace, and nothing special in event viewer just: "The Group Policy settings for the user were processed successfully.When testing the policy for the machine and the username being used, the policy results state that the policy will be successful.When testing the RSo P for the machine and user account, the only user account that comes back from the workstation as available to test against, is a local admin account for the local machine.The KB article (KB3163622) has now been updated to show both the MS16-072 changes the security context with which user group policies are retrieved.This by-design behavior change protects customers’ computers from a security vulnerability.
Third is for power users that adds additional drive maps and folder options.This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group Power Shell script: MS16-072 – Known Issue – Use Power Shell to Check GPOs So, while it seems Microsoft is sort of blaming customers for their implementations of Group Policy security, there's a bigger factor here I hope doesn't get lost in the shuffle.We can thank Microsoft for delivering the recommended resolutions, but those didn't deliver until AFTER the patch caused customer pain.Yesterday, I raised a red flag about a security patch from Microsoft this week that is breaking Group Policy for a number of customers.The issue, as it turns out, is due to how customers have implemented Group Policy permissions.
Search for user group policy not updating:
On 2 of my Remote Desktop Servers the GPO updates are applied correctly.