none
MS16-072 GPO Mapped drives present on network boot, Not present off network boot. Used to remain with red X disconnected.

    Question

  • I believe I am having issues related to MS16-072 ( KB3159398 ).

    All my user based GPOs have either Authenticated Users in the security filter ( with read access in the delegation tab ) or Domain Computers in the delegation tab with read access. One of our user GPO's map a network drive for users based on an AD group membership.

    Our help desk started receiving calls after we pushed out this months patches about mapped drives not being there while the user was connected through VPN.

    While running through some attempts to reproduce the issue I noticed that if I boot up off the network I no longer have the mapped drive. If I boot up on the network I have the drive mapped.

    Before MS16-072 the mapped drive would still be present in the network locations but in a disconnected state ( Red X ) if I booted up off the network. If I uninstall MS16-072 and do those same two test the drive is present in each scenario. I also get the drive is mapped but disconnected.

    Is anyone else seeing this with MS16-072?

    Thursday, July 7, 2016 6:15 PM

Answers

  • Microsoft just resolved my case. Here is what I learned.

    Prior to MS16-072 you did not need to have the "Reconnect" box checked in the GPO that mapped the drive for it to remain in the Network Locations. Even without an active network connection it was there but in the disconnected state.

    Post MS16-072 the reconnect box is required for the mapped drive to remain in Network Locations even without an active network connection. It now appears as a mapped drive but disconnected.

    Have a great day!

    • Marked as answer by Gwyl Thursday, September 22, 2016 3:50 PM
    Thursday, September 22, 2016 3:50 PM

All replies

  • Hi Gwyl,

    Thanks for your post.

    First, I suggest you try to run the PowerShell script below to check if the problem caused by read permission of Authenticated user and Domain computer.

    MS16-072 – Known Issue – Use PowerShell to Check GPOs

    https://blogs.technet.microsoft.com/poshchap/2016/06/16/ms16-072-known-issue-use-powershell-to-check-gpos/

    Here is an article below about MS16-072 may be helpful to you to fix the problem.

    Deploying Group Policy Security Update MS16-072

    https://blogs.technet.microsoft.com/askds/2016/06/22/deploying-group-policy-security-update-ms16-072-kb3163622/

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Jay GuModerator Saturday, July 23, 2016 11:08 AM
    • Marked as answer by Jay GuModerator Thursday, July 28, 2016 5:48 AM
    • Unmarked as answer by Gwyl Thursday, September 22, 2016 3:50 PM
    Friday, July 8, 2016 1:44 AM
    Moderator
  • Microsoft just resolved my case. Here is what I learned.

    Prior to MS16-072 you did not need to have the "Reconnect" box checked in the GPO that mapped the drive for it to remain in the Network Locations. Even without an active network connection it was there but in the disconnected state.

    Post MS16-072 the reconnect box is required for the mapped drive to remain in Network Locations even without an active network connection. It now appears as a mapped drive but disconnected.

    Have a great day!

    • Marked as answer by Gwyl Thursday, September 22, 2016 3:50 PM
    Thursday, September 22, 2016 3:50 PM