search

simeononsecurity / Windows-Optimize-Harden-Debloat

Enhance the security and privacy of your Windows 10 and Windows 11 deployments with our fully optimized, hardened, and debloated script. Adhere to industry best practices and Department of Defense STIG/SRG requirements for optimal performance and security.
https://simeononsecurity.com/github/optimizing-and-hardening-windows10-deployments/
MIT License
1.18k stars 83 forks source link

GPO Update not completing #58

Closed jacoballison closed 1 year ago

jacoballison commented 1 year ago

When running this script on a fresh install of 22H2, GPO updates are not processing with the following errors:

Performing Group Policy Update
Updating policy...
Computer Policy update has completed successfully.
The following warnings were encountered during computer policy processing:
Windows failed to apply the Group Policy Scheduled Tasks settings. Group Policy Scheduled Tasks settings might have its own log file. Please click on the "More information" link.
User Policy update has completed successfully.
The following warnings were encountered during user policy processing:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
WARNING: A reboot is required for all changed to take effect

Attached is a copy of the GP Report, with identifying information redacted.

Of note, Bitlocker setup fails following running the script, although I think that's because the group policy fails.

GPReport.pdf

github-actions[bot] commented 1 year ago

Message that will be displayed on users' first issue

jacoballison commented 1 year ago

Tracked this down a bit better, it points to the schedule updates xml file. If Windows updates and the Internet Explorer tweaks are commented out or unchecked there are no issues updating group policy. Haven't checked to see if there are any bit locker issues when the updates tweak has been unchecked. Likewise, this same bug exists in the optimize/debliat script which uses the same XML.

simeononsecurity commented 1 year ago

Tracked this down a bit better, it points to the schedule updates xml file. If Windows updates and the Internet Explorer tweaks are commented out or unchecked there are no issues updating group policy. Haven't checked to see if there are any bit locker issues when the updates tweak has been unchecked. Likewise, this same bug exists in the optimize/debliat script which uses the same XML.

This is a great find! We will look into and attempt to fix this shortly.

github-actions[bot] commented 1 year ago

Stale issue message