Sep 16 2019 04:49 AM
We've recently started deploying Windows 10 1903 (first Win 10 version too...) with SCCM 1902 with MDT, and group policy appears to apply according to the logs, but then we find certain settings not actually applied, even though a gpresult shows them as being applied.
Checking the various reg keys etc. for our policy settings on a client, I have seen that all of our GPO settings get applied and then some but not all get mysteriously removed, for example the Interactive Logon message gets applied but then removed, as in the registry value is removed.
Running a gpupdate /force after this has happened, appears to fix the issue.
However, using the SMSTSPostAction variable to run a script or command to update Group Policy doesn't work either; the script/command runs (as per log files) but the above does still occur until we run a gpupdate /force (an ordinary gpupdate does nothing, so most of the time reboots etc. do nothing).
We have no Group Policy related Group Policy settings (As in the ones that control whether CSEs process during slow links etc. and whether they process even though there are no changes) and we cannot find any other reason for this not to work correctly.
I think until we find a fix, using the RunOnce reg key/value may be the workaround...
Would someone at Microsoft be able to confirm whether this is a confirmed issue at Microsoft and whether there is a fix for it please? Or if there is a fix incoming as potentially some of our security related GPOs are not being correctly applied.
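A post-deployment check for the symptom described in the post above, as an added example that is not part of the original thread: it verifies that registry values set by policy are still present, runs `gpupdate /force` if any are missing, and rechecks. The baseline list and the function name `Get-MissingPolicyValue` are assumptions; the two entries shown are the values that hold the interactive logon message.

```powershell
# Added example, not from the thread. The baseline is an assumption:
# replace it with the registry values your own GPOs are expected to set.
$Baseline = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'legalnoticecaption' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'legalnoticetext' }
)

function Get-MissingPolicyValue {
    # Hypothetical helper: returns one object per expected value that is absent or empty.
    param([Parameter(Mandatory)][hashtable[]]$Expected)
    foreach ($item in $Expected) {
        $value = $null
        $key = Get-Item -LiteralPath $item.Path -ErrorAction SilentlyContinue
        if ($key) { $value = $key.GetValue($item.Name, $null) }
        # gpresult can report a policy as applied while the value is gone,
        # so the registry itself is checked rather than the RSoP report.
        if ($null -eq $value -or [string]::IsNullOrWhiteSpace([string]$value)) {
            [pscustomobject]@{ Path = $item.Path; Name = $item.Name }
        }
    }
}

$missing = @(Get-MissingPolicyValue -Expected $Baseline)
if ($missing.Count -gt 0) {
    Write-Warning ("{0} policy value(s) missing, forcing a policy refresh" -f $missing.Count)
    # A plain gpupdate skips unchanged GPOs; /force reapplies all of them.
    # 'N' answers any logoff/restart prompt so the run cannot hang unattended.
    'N' | & gpupdate.exe /force /wait:120 | Out-Null
    $missing = @(Get-MissingPolicyValue -Expected $Baseline)
}

if ($missing.Count -gt 0) {
    # Still missing after the forced refresh: list the values and signal
    # failure to whatever scheduled or ran the check.
    $missing | Format-Table -AutoSize | Out-String | Write-Output
    exit 1
}
Write-Output 'All baseline policy values are present.'
exit 0
```

Run it elevated after the task sequence has finished; a non-zero exit code marks a machine whose policy-backed values were still missing after the forced refresh.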
Oct 02 2019 01:31 AM - edited Oct 02 2019 01:31 AM
@vandammages Unfortunately not, disappointed that Microsoft are not acknowledging this issue, this is potentially an enterprise issue affecting lots of customers... We thought things were improved after installing the September cumulative update, but it appears there may still be some issues.
Nov 18 2019 08:25 AM
We have this issue on 1909: some security settings are not applied or are removed later. I'm not sure what to configure for our server shares.
Jun 04 2020 12:16 AM
Nothing official from MSFT so far.
Here's another issue we had to deal with: https://www.borncity.com/blog/2020/01/10/windows-10-v1909-und-ein-mgliches-gpo-problem-teil-2/ So we must remove some Defender GPOs to make things work again. That's very annoying.