GPMC error for "Security Options" after Updates 2020-09 in Windows Server 2016 Domain Controllers

Hofstetter Martin 46 Reputation points
2020-09-11T07:36:03.623+00:00

We have found that if a Windows Server 2016 DC has been patched with the current Cumulative Update 2020-09 and Servicing Stack Update 2020-09, the "Security Options" in a policy can no longer be opened in the GPMC afterwards. It is not clear which of these two updates really causes this. Windows Server 2019 DCs seem not to be affected.24073-gpmc-error.jpg

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,402 questions
{count} votes

Accepted answer
  1. Hannah Xiong 6,236 Reputation points
    2020-10-21T01:07:36.127+00:00

    Hello,

    Microsoft had released the new KB4580346 to fix this issue. This release addresses an issue that might prevent you from accessing the Security Options data view in the Group Policy Management Editor (gpedit.msc) or Local Security Policy Editor (secpol.msc). The error is, "MMC has detected an error in a snap-in”.

    https://support.microsoft.com/en-us/help/4580346/windows-10-update-kb4580346

    Thanks.

    Best regards,
    Hannah Xiong

    2 people found this answer helpful.
    0 comments No comments

10 additional answers

Sort by: Most helpful
  1. Davide Radice 21 Reputation points
    2020-09-17T18:25:54.27+00:00

    Workaround

    • Use a non-RS1 OS to edit GPOs. For example, install the GP admin tools to a client OS.

    • The crash can be avoided by deleting the following registry key. Please make sure to export the reg key before deleting anything. Deleting the key will cause the “Interactive logon: Display user information when the session is locked” policy to not appear in the console. (The policy is still effective, but you can’t see it in the UI to edit it). You will need to import the key back later, after the fix has been released.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId

    4 people found this answer helpful.
    0 comments No comments

  2. Günter Born 16 Reputation points
    2020-09-12T21:39:02.903+00:00

    I received also a notification from a German user, that has been facing this issue. I've blogged about that at windows-10-v1607-update-kb4571694-creates-id-5827-events-bricks-mmc

    It seems that update KB4577015 is causing this issues. Thx for posting/confirming

    2 people found this answer helpful.
    0 comments No comments

  3. Hannah Xiong 6,236 Reputation points
    2020-09-11T09:59:37.103+00:00

    Hello,

    Thank you so much for posting here.

    After finishing installing 2020-09 Cumulative Update for Windows server 2016 Domain Controller, the Security Option MMC also could not be opened in my AD environment. I am doing the research and will come back to you next week.

    24115-1.png

    24125-2.png

    Thank you so much for your time and support.

    Best regards,
    Hannah Xiong

    0 comments No comments

  4. Andrew Solmssen 96 Reputation points
    2020-09-13T10:27:09.043+00:00

    I am being affected by this as well - Windows Server Essentials 2016 VM, just updated to 2020-09 patches, trying to edit group policy settings for Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - Security Options. I get a dialog that an error has occured in wsecedit.dll.

    0 comments No comments