Sep 16 2019 04:49 AM
Hi,
We've recently started deploying Windows 10 1903 (First Win 10 version too...) with SCCM 1902 with MDT and group policy appears to apply, according to the logs but then we find certain settings not actually applied, even though a gpresult shows them as being applied.
Checking the various reg keys etc. for our policy settings on a client, I have seen that all of our GPO settings get applied and then some but not all get mysteriously removed, for example the Interactive Logon message gets applied but then removed, as in the registry value is removed.
Running a gpupdate /force after this has happened, appears to fix the issue.
However using the SMSTSPostAction variable to run a script or command to update Group Policy, doesn't work either, the script/command runs (As per log files) but the above does still occur until we run a gpupdate /force (A ordinary gpupdate does nothing, so most of the time reboots etc. do nothing).
We have no Group Policy related Group Policy settings (As in the ones that control whether CSEs process during slow links etc. and whether they process even though there are no changes) and we cannot find any other reason for this not to work correctly.
I think until we find a fix, using the RunOnce reg key/value maybe the workaround...
Would someone at Microsoft be able to confirm whether this is a confirmed issue at Microsoft and whether there is a fix for it please? Or if there is a fix incoming as potentially some of our security related GPOs are not being correctly applied.
Many thanks,
Luke
Sep 27 2019 11:14 AM
@techylukeHi, I seem to be having a similar issue.. did you get any solution?
Oct 02 2019 01:31 AM - edited Oct 02 2019 01:31 AM
@vandammages Unfortunately not, disappointed that Microsoft are not acknowledging this issue, this is potentially an enterprise issue affecting lots of customers... We thought things were improved after installing the September cumulative update, but it appears there maybe still some issues
Oct 21 2019 05:40 AM
Oct 30 2019 06:44 AM
Oct 30 2019 07:08 AM
Nov 18 2019 08:25 AM
We have this issue on 1909 some security settings not applied or removed later. I'm not sure what to configure for our server shares.
Nov 19 2019 06:10 AM
@techyluke wrote:@vandammages Unfortunately not, disappointed that Microsoft are not acknowledging this issue, this is potentially an enterprise issue affecting lots of customers...
Did you report this to Microsoft Support?
The community forum is not exactly the best place for such expectations ;)
Nov 19 2019 07:04 AM
Nov 25 2019 03:16 AM
@Thilo Langbein was this solved?
Nov 25 2019 03:58 AM
@dpankz Not yet. It looks weird. Some GPO's are not working after a fresh install - but not always the same. Support ticket is still in progress. 1909 is affected too.
Dec 03 2019 01:24 AM
Dec 03 2019 01:25 AM
Dec 03 2019 02:07 AM
Support case is closed. We now set https://gpsearch.azurewebsites.net/#329 to apply security settings, even if there are no changes on the gpo. Whether or not there is a problem with 1903/09 is ultimately unclear.
Jun 03 2020 09:26 AM
Jun 04 2020 12:16 AM
Nothing official from MSFT so far.
Here's another issue we had to deal with: https://www.borncity.com/blog/2020/01/10/windows-10-v1909-und-ein-mgliches-gpo-problem-teil-2/ So we must remove some Defender-GPO's to make things work again.That's very annoying.