Microsft has just published a post about the MS16-072 hotfix that was release this month. Needless to say there has been a lot of organisation caught off guard by this change wanting to know how to fix the problem. However what is also more confusing is there are actaully two different ways to fix this problem. You can either add back the “Authenticated Users” group with “Read” access or you can add the “Domain Computers” group with read access.
There has also been a lot of debate in the Group Policy community about what is the “best” way to fix this problem. Should you add “Authenticated Users” or “Domain Computers”? Personally i think adding “Authenticated Users” read permission back is the way to do it as this restores the original permission that was removed in the first place. It also means the permission applied to you GPO’s will be consistent which is always highly desirable attribute for supporting any envrionmnet. However, you might have some settings in your GPO that you want to obfuscate from the users. If this is the case then adding “Domain Comptuers” read access is also totally valid. Doing for security filters user Group Policy Objects will mean that that normal users will not be able to read the settings. But, be absolutley clear this will only obfuscates the GPO settings, as a local admin could still conceviable run the as the local machine system account and read the settings. Yes it is a way to hide your organisations settings from a bag guy, but it also might make troubleshooting GPO polices harder as non-domain admins will no longer be able to see all the GPO’s.
Ultimatly it is your decision as to how you want to fix the problem. Either add “Autenticated Users” or “Domain Computers” but either way, make sure you review all your security filtered Group Policy Objects to make sure the permission are added to the GPO so they work.
RT @alanburchill: Official Microsoft Guidance for MS16-072 Breaking Security Patch: Microsft has just published a post… https://t.co/dtmz…
RT @alanburchill: Official Microsoft Guidance for MS16-072 Breaking Security Patch: Microsft has just published a post… https://t.co/dtmz…
Derek Thompson liked this on Facebook.
Rick Chan liked this on Facebook.
Calvin Chen liked this on Facebook.
Matt Simpson liked this on Facebook.
Joseph Ortega liked this on Facebook.
Nick Messerschmidt liked this on Facebook.
Vijay Kumar Bhudala liked this on Facebook.
Aaron Young liked this on Facebook.
Jarrod Beebe liked this on Facebook.
Thala Sathish Varma liked this on Facebook.
Dmitry Antonov liked this on Facebook.
Overkiller A KaYa liked this on Facebook.
Ken Stone liked this on Facebook.
Dinesh Kumar liked this on Facebook.
RT @alanburchill: Official Microsoft Guidance for MS16-072 Breaking Security Patch: Microsft has just published a post… https://t.co/dtmz…
RT @alanburchill: Official Microsoft Guidance for MS16-072 Breaking Security Patch: Microsft has just published a post… https://t.co/dtmz…
RT @alanburchill: Official Microsoft Guidance for MS16-072 Breaking Security Patch: Microsft has just published a post… https://t.co/dtmz…
Angele Mwika liked this on Facebook.
Jose KoLo liked this on Facebook.
James Williams liked this on Facebook.
Nafiz Ahmed Shuvo liked this on Facebook.
RT @alanburchill: Official Microsoft Guidance for MS16-072 Breaking Security Patch: Microsft has just published a post… https://t.co/dtmz…
Maurice H Rich liked this on Facebook.
RT @alanburchill: Official Microsoft Guidance for MS16-072 Breaking Security Patch: Microsft has just published a post… https://t.co/dtmz…
RT @alanburchill: Official Microsoft Guidance for MS16-072 Breaking Security Patch: Microsft has just published a post… https://t.co/dtmz…