Security Patch MS16-072 Breaks GPO on SBS 2008, SBS 2011, and Windows Server 2008/2008R2

Microsoft recently released security hotfix MS16-072 last week. This patch attempts to improve GPO security. But as my fellow MVP’s Susan Bradley and Wayne Small have discovered, this new security update can actually break certain GPO based processes, such as WSUS.

Note: Microsoft has not released a fix to this, nor are we expecting them to do so. But the blog posts below offer instructions for manually fixing this issue.

Here are the two blog posts that Wayne Small posted on his site, identifying the problem and suggested work arounds:

Susan Bradley forwarded the following post from Group Policy Central which includes a PowerShell script and further instructions from Microsoft to manually fix this problem.

Leave a Reply