It’s NOT a Group Policy Bug… !!


<Rant mode on>

So I go a little BSC (That’s Bat-Spit Crazy) when I read
“Group Policy Bug takes over the earth”.

As you might expect, my hackles go up…
(And, if you’re not a dog, where, exactly **ARE** your hackles? Just sayin’)

Anyway.. This latest up-hackles occurred when I read
the beginning of, and now the end of items like this.

(These are all reporting the same thing, and basically the same way..)

(Note: The HTTP and HTTPs are removed so there are no links.. on purpose.)

They’re all saying that this is a “Group Policy Bug.”
(which is now fixed by the way… see below)

Annnnd.. No it’s not a Group Policy bug. It just isn’t.

A Group Policy bug would be something like:

1. You run GPupdate and it explodes. (This doesn’t happen.).
2. You have conflicting values and the final value is not present (This doesn’t happen.).
3. You click in the GP / MMC editor and it explodes (This can happen due to some underlying MMC code, etc.)
4. Data saved in the MMC and written to SYSVOL doesn’t make it there in one piece. (This is super insanely rare, but can happen when YOUR GPMC/management machine is over a slow link to a DC.)
5. You get data to the endpoint, but the CSE (internal to Microsoft or 3rd part CSE) does the “wrong thing” (this can happen from time to time.)

But NONE of that type of thing happened here.

So.. What occurred in this latest “Not really a Group Policy” bug ?

Nothing. Nothing at all that has to do with Group Policy anyway.

What DID happen is that:

1. Admins used the GP MMC editor to make a value change. The MMC worked as expected.
2. Data was saved in SYSVOL perfectly.
3. The Admin Templates CSE / REG.POL CSE performed perflecty and delivered the value as expected.
***THE END** … in terms of Group Policy doing its job.

What happened next?

The Windows Update engine on Windows 10 had a bug in it which read the value.. (anything except zero).. as “Never update ever again, like ever, please.”

Then Microsoft made a patch to fix the Windows Update engine to honor the zero and make it work as expected which is “Update when I tell you, as per the setting in policy.”

So *WHY* is this maligned and deemed as a Group Policy bug?

It’s not. It simply isn’t a GP bug.

Here’s what this would look like if this wasn’t Group Policy:

You: I’m going to use FedEx to deliver a nice sweater to my friend Steve directly from Amazon.
Steve: I got the sweater from FedEx. And I took it out of the box, but it doesn’t fit *AND* is in shreds, actually.
You: That’s crazy.. I’m really sorry to hear it.
Steve: DAMN YOU, FEDEX for delivering the sweater!! And screw you Amazon for putting it in a box!
You: Wait.. isn’t it the maker of the sweater you should be mad at?
Steve: That makes no sense ! I want to be mad at FedEx and Amazon !!!

This kind of maligning to GP is is what gives Group Policy a BAD NAME, and something I’m (clearly) passionate about eradicating.

So, go ahead.. find these bloggers and people in the press and tell them straight.

GP worked perfectly… The “Package” from Amazon was put in the box correctly. FedEx delivered the box. But when it got there, the sweater was in tatters.


The bug was in the Windows update engine. And (if I have my story right,
fixed with KB4051963 and should be in the December 2017 Windows 10 update.)

Sooooo… to recap:

– This wasn’t a Group Policy bug.
– It was a Windows Update engine bug. And that’s what was fixed.

The end.

</Rant mode off>

And, back to friendly happy Jeremy land.

If you made it this far… BIG announcement coming on Friday.

See you then !