none
Windows 10 1903 local security polices gets reset RRS feed

  • Question

  • Hey!

    So this problem's been driving me mad for the last few days. I'm going to upgrade a clients computer to Windows 10 Enterprise 1903 from 1809. Problem is I'm dealing with local polices since it's an offline computer. 

    The problem is that after I import the STIG policy for Windows 10 it works fine, but then as soon as I edit something in gpedit a bunch of the security polices gets reset and then I have to delete the C:\Windows\system32\grouppolicy folder and then apply the STIG pack again to fix it and the cycle repeats. Though that maybe the ISO I used to install was corrupted so I ran SFC /scannow, but nothing.

    Also tried downloading the Windows 10 Enterprise 1903 evaluation ISO from Microsoft, but it had the exact problem. Tried to download the latest security updates and the latest update from the update catalog too, but nothing.

    It's so weird since everything worked great on Windows 10 Enterprise 1809 version that I was running previously. 

    So has anything encountered this before? Or got any tips on what I can try cause I'm out of ideas!

    Thursday, November 7, 2019 8:32 PM

All replies

  • As it is getting reset automatically so try to reset it manually.

    1. Open an elevated command prompt.

    2. Enter the command below for your Windows, and press Enter:

    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

    3.Restart.


    S.Sengupta,Microsoft MVP Windows and Devices for IT, Windows Insider MVP

    Friday, November 8, 2019 12:08 AM
  • I agree with the idea that the system image has something wrong, kindly use a clean Enterprise iso to in-place upgrade current system, this way can fix system issues.

    Then import the STIG policy as before to check result.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 8, 2019 2:06 AM
    Moderator
  • I agree with the idea that the system image has something wrong, kindly use a clean Enterprise iso to in-place upgrade current system, this way can fix system issues.

    Then import the STIG policy as before to check result.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Yeah, that'd be my first respons too. But as I tried with the W10 Enterprise 1903 Trail version that you can download it feels like the ISO isn't the problem here. Tried them on two diffrent VMs too. But I'll try download the ISO again to dubble check!
    Friday, November 8, 2019 7:24 AM
  • As it is getting reset automatically so try to reset it manually.

    1. Open an elevated command prompt.

    2. Enter the command below for your Windows, and press Enter:

    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

    3.Restart.


    S.Sengupta,Microsoft MVP Windows and Devices for IT, Windows Insider MVP

    Just tried this, didn't work though. I also got a new fresh ISO but I'm experiencing the exact same problem when using that :/
    Friday, November 8, 2019 4:43 PM
  • Would you mind letting me know the update of the problem? If you need further assistance, feel free to let me know.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 11, 2019 9:04 AM
    Moderator
  • Would you mind letting me know the update of the problem? If you need further assistance, feel free to let me know.

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Hey, thanks for your checkup. Well I tried with a new ISO and I still have the same problem. Also tried with a fresh installed VM and running the command you suggested. Still no dice.

    It's so weird cause this worked perfectly on the 1809 installation I was running previously. Any other suggestions/logs i can check or something?

    Thanks in advance!

    Monday, November 11, 2019 4:00 PM
  • So after lots testing there seems to be a bug in 1903, involving local polices. The UAC settings and a few other setting from the security template .inf file doesn't seem to be applied correctly, and when it does it gets reset after restart. It's just really weird and buggy. 

    Only works again when logging out and then back in. For example, turning on SAK for login works, until you restart, then it doesn't get applied during startup. However if you then log out then it suddenly works. This is despite the reg key being set to the correct value.

    My solution was to just go back to 1809 instead, tried the exact GPO backup and secDB.sdb I was using on 1903 and it worked great!

    I'll just have to wait for 1909 or for Microsoft to fix 1903!

    P.S if anyone wanna try this, just get the trail Windows 10 Enterprise 1903 from Microsoft then download the October STIG and try to apply it with LGPO.

    Tuesday, November 12, 2019 7:44 PM
  • Well, you could feedback this situation via Feedback Hub app, I will also submit this case.

    1909 has released now, you could go to Microsoft website to download


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 6, 2019 8:54 AM
    Moderator