none
Windows 10 Creators Update 1703 won't accept gpo that creates or updates local users RRS feed

  • Question

  • Hi everyone,

    Has anyone noticed with the latest Win 10 1703, gpo that creates or updates local users won't work? It says that the password is not complex but I am pretty sure that it is. 

    By the way this gpo used to work, I deleted the gpo and built it up from scrap, still no go! 

    Anyone?

    Tuesday, June 20, 2017 2:01 PM

All replies

  • Hi,
    In my experience, it might be caused by that the computer lost the trust relationship with DC. In this case, please have a try to reset the computer account of a problematic client in the ADUC on DC, alternatively, you could try to re-join it to domain and see if it helps.
    In addition, the same group policy settings are located under Computer Configuration or User Configuration, please have a try to set up in the another configuration node and apply the GPO to see if the same error happens.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, June 21, 2017 7:31 AM
    Moderator
  • > Has anyone noticed with the latest Win 10 1703, gpo that creates or updates local users won't work?

    No. I noticed that this doesn't work anymore since MS14-025. Most others probably as well.

    :=)

    Wednesday, June 21, 2017 10:30 AM
  • Hi,

    Thanks for the reply, the client is a freshly installed computer. It was set up using the latest ISO that has 1703 update from Microsoft website.  Moreover I thought somehow the ISO might have been damaged so I downloaded it again and try installing OS on different clients-all fresh install-but it's all the same with the new installs as well.

    I have win7 computers on premises so when I check them, the gpo works well. Only problematic clients are 1703's. 

    One peculiar thing is that I just installed a Win10 1703 and did not let it get the updates, applied gpo and local users got created!  So I am thinking that latest patches to 1703 are causing the problem.

    Thursday, June 22, 2017 5:15 AM
  • I do! That's why I created this page. I also read some articles of Microsoft letting go of old gpo options. Some of them are deprecated. So now I am thinking this user creation problem is one of them. 

    I tried digging the latest ADMX files but got nowhere. Environments like I have are going to experience serious problems if this is not fixed as soon as possible. We are talking about thousands of client PCs..

    Thursday, June 22, 2017 5:18 AM
  • Here is an article that discusses the issue more in depth:

    MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege: May 13, 2014


    Rolf Lidvall, Swedish Radio (Ltd)

    Thursday, June 22, 2017 7:41 AM
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, June 26, 2017 1:30 PM
    Moderator