back to article Admins run into Group Policy problems after Win10 update

A recent cumulative update to Windows 10 is causing headaches for IT administrators who are experiencing problems with their Group Policy Object (GPO) capabilities. Specifically, admins are complaining that after installing the KB5017308 update for OS Builds 19042.2006, 19043.2006, and 19044.2006 that was introduced in the …

  1. Jan K.

    Wonder how many hours globally are wasted while dealing with these "issues"?

    Here's a tiny, free tip for Microsoft: stop packing multiple types of updates into single packages...

    Asking Ms to stop force-feeding updates unto innocent users is probably a step too far...

    Good grief.

    1. daflibble

      It certainly beats the cluster F&*k of individual hotfixes we used to have. Managing that tangled mess was no fun. Although I would appreciate MS having more of a testing team to find and fix these still too common issues before rolling them out to millions of paying customers would be nice

      1. Anonymous Coward
        Anonymous Coward

        That's how they get you.

        The shift off individual updates was for two reasons, neither of them to do with making your life easier. It was primarily to cut down on QC time at Microsoft's end, and they only had to test the roll-ups, not individual patches and their dependencies. Second is wallpapered over the crippling problems with the client side of windows update on 2016 and earlier releases. So many small patches would take longer to apply then the roll-ups.

        This simple acted as an enabler for the worst habits of the update team. The stopped even pretending to do real QC after the roll-ups were introduced, and even with the rollups the 2016 and earlier update code was cripplingly slow. Instead of addressing this by backporting the update code to the earlier OS versions, they hoped we'd all just jump on the then brand spanking new 2019 server.

        So we as admins/users collectively went from finicky individual updates that were slow, to monolithic updates that are also buggy and slow, but if one 4.5 rating CVE fix in the rolloup is bad, you have to uninstall the 9.8 rated RCE fix that's also in there. It's not faster, it's not more reliable, but when there is a problem the result is a long exploitation window with tons of visibility.

        The better solution is to fix the updater and installers so fixes can be grouped and tested, but individually blocked or rolled back, and so a 25mb patch file doesn't take 45m and a reboot to install. Reboots should be for installing hardware.

        1. ChoHag Silver badge

          Re: That's how they get you.

          As right as you are about the rest, Microsoft still has you blinkered at the end.

          Reboots should not be required. At all.

        2. EnviableOne

          Re: That's how they get you.

          Apparently there is a thing called Known Issue Rollback, where (once MS deign to release one) allows the OS to run the old code instead of the patch.

          TBF it would be easier rather than including double the code for everything if they hadn't sacked their QA and testing bods, and actually shipped stuff that worked

  2. jeff_w87

    Apparently not just GPOs and shortcuts in a Domain

    All the shortcuts on my home Windows PC all of sudden ended up with a .url extension and would no longer work. Removing the .url extension from the name did not help either. It would be really nice if Microsoft would spend some of their billions to actually, properly QC this trash OS before sending out patches to have their users Beta test for them.

    1. ThatOne Silver badge

      Re: Apparently not just GPOs and shortcuts in a Domain

      > It would be really nice if Microsoft would spend some of their billions to actually, properly QC this trash OS

      Seriously, why would they do such a stupid thing? Does it harm their bottom line? No. Does it improve profits? Yes.

    2. david 12 Silver badge

      Re: Apparently not just GPOs and shortcuts in a Domain

      .url shortcuts are a common kind of shortcut -- notably used for WWW shortcuts, but actually also used to locate other kinds of 'resources' on your computer (URL = universal resource locator).

      When you start seeing the .url file extension, it doesn't mean that something has 'added' .url. It means that the URL handler association is broken.

      In this case, probably broken by a 'security' change that further restricts the use of URLs. Security restrictions on URLs have (historically) been put in place because of that ambiguity that allows them to point to both local and remote resources.

  3. Lorribot

    There are other options that could make you happy, you just have to take the first step

    For those that hate Windows, its updates and MS generally stop using it and move to MacOS, find a Linux Distro that works for you or even sell your soul to ChromeOS.

    Then you can feel smug about your choice as you have done something positive and you can get on with your life and manually patch when ever you feel like it if you even think it is a requirement.

    Be happy that at least on PCs you have several choices that can fit any pocket and any personal security requirements you may have unlike mobile phones.

    1. Totally not a Cylon
      Linux

      Re: There are other options that could make you happy, you just have to take the first step

      My dual-boot PC (primarily Ubuntu but duals into Windows 10 for World of Warships) had updates to both systems last night.

      Windows 2 restarts for 2 big 'updates'

      Ubuntu updated the snap-store quietly and then a whole host of core updates also quietly with no restart demanded just recommended......

      I know which I would recommend for a 'work environment'

    2. ChoHag Silver badge

      The year of the ...

      Surely *this* week will be the week of the stable microsoft desktop patch?

      Nope? Oh well. Trundle on. Surely *next* week will be...

    3. Flywheel

      Re: There are other options that could make you happy, you just have to take the first step

      I did that years ago and have never regretted it. I love my Linux updates which are fast, unobtrusive and often release space after the updates are complete. Reboot? Nope - rarely.

      I installed a (legal) copy of Windows 10 Pro 64 bit on Virtualbox though, just because I need to run "real" Excel occasionally and yes, all it does is updates, updates and more updates.

    4. Michael Wojcik Silver badge

      Re: There are other options that could make you happy, you just have to take the first step

      Not an option for my work machine. Not running Windows is just possible here, but it requires a lot of time and effort to deal with all the corporate stuff. And I have to develop for Windows as well as Linux and a handful of UNIXes, and Windows is the least amenable to remote work or (on a laptop) running in a VM. It's simply much cheaper for me to keep the corporate-supplied Windows as the host OS on my work laptop, despite all the things wrong with Windows.

      And, of course, with any of the Linux distributions we support for the products I work on, I'd have the accursed systemd anyway, so it's not as much of an improvement as one might think. On Windows I already have a UNIXy development environment courtesy of Cygwin (which I've been using for many years; I don't see any compelling reason to switch to WSL2).

  4. Jamesit

    Two words: Quality Assurance. It might be a good idea to test updates before releasing them.

    1. yoganmahew

      It's a horror show. Pinned documents lose their pinning. Recently updated is a joke. Quicklinks seem to be deprecated because opening an open/save menu scrolls to the bottom of the tree, to where I don't want to be. New Whiteboard doesn't store recent Whiteboards locally, so they aren't in the previous file list.

      I can find nothing. I know I wrote a document last friday, I thought I put it in Onedrive in the normal place, but it is gone. So I rewrite it, save it with the same name as I thought I used... would you like to replace? Would I ducking like you to remember what I did and where I did it?

      And it's all soooooooooooooooooooooooooooo slow :(

    2. Alumoi Silver badge
      Joke

      You're joking, right?

      When you have millions of beta testers out there, with impossible to completly disable telemetry baked in the OS, who needs QA?

  5. hplasm
    Linux

    Looking at the 'fixes' suggested-

    It seems that the average Windows user needs the command line more than the average Linux user now.

    How have the turns tabled, eh?

  6. An_Old_Dog Silver badge
    Windows

    Microsoft

    ... has lots of smart people working for them. Having lots of smart people working for a company or an organization doesn't help when that company or org is crippled by sheer size and internal politics.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like