Hotfixes - J House Consulting - DevOps, Microsoft, Citrix & Desktop Virtualisation (VDI) Specialist

Script to report on and remediate the Group Policy security change in MS16-072

July 30, 2016June 22, 2016 by Jeremy Saunders

On June 14th 2016 Microsoft released security update MS16-072 under KB3163622 that changes the behavior of Group Policy processing so that user group policies are now retrieved by using the machine’s security context instead of the user’s security context. This is a by-design behavior change from Microsoft to protect computers from a security vulnerability.

Update 23/06/2016: Microsoft finally released an official response to this patch via the Directory Services team: Deploying Group Policy Security Update MS16-072 \ KB3163622

This is a problem for people that implement security filtering on their Group Policy Objects (GPOs), as it removes the default Authenticated Users group not only from the “Apply group policy” permission, but also from the “Read” permission.

Microsoft Windows 2003 Post-SP2 Hotfixes

July 29, 2008May 15, 2008 by Jeremy Saunders

Why should we apply hotfixes?

Some IT Administrators take the approach that if they are not experiencing the issues/symptoms referred to in the knowledge base article; they shouldn’t be deploying the hotfix. However, from experience we understand that the vendor doesn’t always document all issues addressed, so there also needs to be an understanding of previous releases of the same drivers, etc, in other hotfixes.