SBSFAQ.COM

Supporting IT Pro's & MSP's since 2000


Group Policy not working on SBS 2008, SBS 2011 and Windows Server 2008/2008R2 since MS16-072

June 21, 2016 by Wayne Small

Further to the blog post I put up yesterday, I’ve now done additional testing and found that the script referenced in the article here is not quite right. Also – I’ve found that there are some specific problems with this on SBS 2011 and likely SBS 2008 as well.

Firstly, the script – It turns out there are different PowerShell commands for GP Permissions in 2008/2008R2 vs later versions of Windows.  It is noted within the script itself, but the note is not correct.  The fix is simple – replace the Get-GPPermission and Set-GPPermission commands with Get-GPPermissions and Set-GPPermissions in the script and it will work fine.

Secondly – given we have a large number of SBS sites still, I did some specific testing with it.  The analysis script shows on a default install as below

image

This means that the following policies are affected by this issue and MAY NOT APPLY if you don’t add the Authenticated Users as READ on the Delegation tab for that GPO.

  • Windows SBS User Policy
  • SharePoint PSConfig Notification Policy
  • Update Services Server Computers Policy
  • Update Services Client Computers Policy

If you run the original version of the script, you will find it fixes the first two GPOs, but leaves the Update Services policies as “broken”.

image

Cool – I thought – we can use this and we’ll be fine. However, one of our techs highlighted to me that 10 minutes after running the script, the Windows SBS User Policy was “broken” again and would not apply. We found this out as the previous IT company had placed printer deployment settings within this GPO and the printers appeared when we fixed it but later disappeared (we’ve moved the printers into their own GPO now).

I’ve done some investigation now and it appears that SBS modifies this GPO on a regular basis and removes the Authenticated Users group from it. This means that unless Microsoft modify the SBS 2011 code, any GPO settings within that policy will not be applied to users’ computers. We are talking specifically about the Windows SBS User Policy here – the other policies appear to be fine to me.

Potential Solution:  Given I don’t expect Microsoft to fix this given SBS is a dead product as they repeatedly tell us, the only solution I can see is to duplicate the Windows SBS User Policy itself and manually apply permissions OR move the functions you have within this GPO into another GPO and handle it from there.
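
The check described above can be repeated on a schedule to see which GPOs currently lack Read for Authenticated Users, including the Windows SBS User Policy after SBS has reverted it. The script below is an added example, not the script this post refers to; it assumes the GroupPolicy module (Server 2008 R2 / SBS 2011) and a domain admin session, and the -Fix switch and the State labels are names made up for this example.

```powershell
# Added example (not the script referenced in the post).
# Assumes: GroupPolicy module is installed and the session has rights to edit GPO security.
param([switch]$Fix)   # hypothetical switch: re-add Read where it is missing

Import-Module GroupPolicy

$authUsersSid = 'S-1-5-11'   # well-known SID of Authenticated Users
# Permission levels that include Read on the GPO
$readLevels = 'GpoRead', 'GpoApply', 'GpoEdit', 'GpoEditDeleteModifySecurity'

$report = foreach ($gpo in Get-GPO -All) {
    # Plural cmdlet names, as the post notes for 2008/2008 R2
    $aces = @(Get-GPPermissions -Guid $gpo.Id -All |
        Where-Object { $_.Trustee.Sid.Value -eq $authUsersSid })
    $levels = @($aces | ForEach-Object { $_.Permission.ToString() })
    $hasRead = @($levels | Where-Object { $readLevels -contains $_ }).Count -gt 0

    if ($hasRead) {
        $state = 'OK'
    } elseif ($levels.Count -gt 0) {
        $state = 'Review'      # custom ACE present; check the Delegation tab by hand
    } else {
        $state = 'Missing'     # no ACE at all for Authenticated Users
    }

    if ($Fix -and $state -eq 'Missing') {
        # Adds Read only; Security Filtering (Apply) entries are left untouched
        Set-GPPermissions -Guid $gpo.Id -TargetName 'Authenticated Users' `
            -TargetType Group -PermissionLevel GpoRead | Out-Null
        $state = 'Fixed'
    }

    New-Object PSObject -Property @{
        Checked = Get-Date
        Gpo     = $gpo.DisplayName
        Levels  = ($levels -join ',')
        State   = $state
    }
}

# Timestamped output: a GPO that goes from Fixed back to Missing on a later run
# is being rewritten by something else, as the post observed.
$report | Sort-Object State, Gpo | Select-Object Checked, Gpo, State, Levels |
    Format-Table -AutoSize
```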

Filed Under: Blog Tagged With: Microsoft, Patches

About The Author

Wayne has been working with Microsoft Server products in the SMB market for over 20 years. He has a passion for technology and has been a Microsoft MVP for over 15 years.
