A recent cumulative update to Windows 10 is causing headaches for IT administrators who are experiencing problems with their Group Policy Object (GPO) capabilities.
Specifically, admins are complaining that after installing the KB5017308 update for OS Builds 19042.2006, 19043.2006, and 19044.2006 that was introduced in the September 13 Patch Tuesday batch of releases, the GPO was no longer able to create or keep shortcuts that are used by end users.
Many users found the only way to correct the issue was to uninstall KB5017308, which allows for normal GPO operations but also eliminates the upgraded security capabilities the update provided. That said, one independent adviser suggested users experiencing problems “pause” the update until a solution can be found.
“GPO file copy seems to not work properly (shortcuts lose their icon and batch file is blank),” one user posted on Reddit, adding they “can no longer deploy programs from Lansweeper.”
Another Reddit post echoed the problem.
“Specifically, we copy a batch file into publicdocuments, then copy a shortcut to the current user’s desktop to run it,” they wrote. “Since the update, the icons are not transferring over for the shortcut (ie they are blank icons now) and the batch file is actually empty when copied over. It also appears to stop us being able to deploy from Lansweeper, as soon as we uninstall, it fixes it.”
On a Microsoft support site, a user posted that they had “almost the identical problem. All OK when I uninstalled but a little apprehensive because of the security updates. Today the update installed again, and the exact same thing happened … Again!!! Uninstalled …. Again!!!”
They said they were “waiting now for it to download and reinstall itself again which will probably cost me yet another 2 hours updating and uninstalling. We need this fixed now!!!”
Microsoft noted the update was made to address security issues in the operating system.
While many users pointed to manually uninstalling the update as the answer, some administrators in the Microsoft support sites have suggested users can fix the broken desktop shortcuts problem by unchecking the “run in user security context” setting.
One user wrote that they assumed the “run in security context” was needed for the %userprofile% variable to work, but found it isn’t.
For its part, in its description of KB5017308, Microsoft outlined how users can remove the combined latest cumulative update (LCU) and service stack update (SSU) after they’re installed.
The company said administrators can “use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages. Running Windows Update Standalone (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.”
The Register has asked Microsoft for comment on the issue. We’ll update the story with any response. ®