Must have seen this recent Windows update that broke GPOs which were missing the Read permission for the “Authenticated Users” group. Solution is to get a list of these GPOs and add the “Authenticated Users” group to them. Here’s a one liner that gets you such a list –
1 |
Get-GPO -All | %{ $GPO = $_.DisplayName; $Perms = (Get-GPPermissions $GPO -All).Trustee.Name; if (!($Perms.Contains("Authenticated Users"))) { "$GPO" } } > GPOs.txt |
This puts it into a file called GPOs.txt in the current directory. Remove/ Modify that last re-direct as needed.