User group policy not updating
Before MS16-072 is installed, user group policies were retrieved by using the user’s security context.
After MS16-072 is installed, user group policies are retrieved by using the machines security context.
A set of such configurations is called a Group Policy Object (GPO).
As part of Microsoft's Intelli Mirror technologies, Group Policy aims to reduce the cost of supporting users.
To accomplish the goal of central management of a group of computers, machines should receive and enforce GPOs.Yesterday, I raised a red flag about a security patch from Microsoft this week that is breaking Group Policy for a number of customers.The issue, as it turns out, is due to how customers have implemented Group Policy permissions.This is done on purpose by Microsoft through a design change delivered in a Windows Update security fix that silently changes the way GPO must be configured to work.All Group Policy Objects configured in the way Microsoft has recommended the last 16 years will stop to work.