GPMC error for "Security Options" after Updates 2020-09 in Windows Server 2016 Domain Controllers

Hofstetter Martin 46

We have found that if a Windows Server 2016 DC has been patched with the current Cumulative Update 2020-09 and Servicing Stack Update 2020-09, the "Security Options" in a policy can no longer be opened in the GPMC afterwards. It is not clear which of these two updates really causes this. Windows Server 2019 DCs seem not to be affected.

160MN 1 Reputation point

2020-09-14T17:56:04.53+00:00

Same problem for EN-US servers as well.
TK 1 Reputation point

2020-10-28T19:28:21.663+00:00

Right-click and View In New Window and the Security Options settings show just fine.

Accepted answer

Hannah Xiong 6,231 Reputation points

2020-10-21T01:07:36.127+00:00

Hello,

Microsoft had released the new KB4580346 to fix this issue. This release addresses an issue that might prevent you from accessing the Security Options data view in the Group Policy Management Editor (gpedit.msc) or Local Security Policy Editor (secpol.msc). The error is, "MMC has detected an error in a snap-in”.

https://support.microsoft.com/en-us/help/4580346/windows-10-update-kb4580346

Thanks.

Best regards,
Hannah Xiong
Please sign in to rate this answer.

2 people found this answer helpful.

0 comments No comments
Sign in to comment

10 additional answers

Davide Radice 21 Reputation points

2020-09-17T18:25:54.27+00:00

Workaround

• Use a non-RS1 OS to edit GPOs. For example, install the GP admin tools to a client OS.

• The crash can be avoided by deleting the following registry key. Please make sure to export the reg key before deleting anything. Deleting the key will cause the “Interactive logon: Display user information when the session is locked” policy to not appear in the console. (The policy is still effective, but you can’t see it in the UI to edit it). You will need to import the key back later, after the fix has been released.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId
Please sign in to rate this answer.

4 people found this answer helpful.

0 comments No comments
Sign in to comment
Günter Born 16 Reputation points

2020-09-12T21:39:02.903+00:00

I received also a notification from a German user, that has been facing this issue. I've blogged about that at windows-10-v1607-update-kb4571694-creates-id-5827-events-bricks-mmc

It seems that update KB4577015 is causing this issues. Thx for posting/confirming
Please sign in to rate this answer.

2 people found this answer helpful.

0 comments No comments
Sign in to comment
Hannah Xiong 6,231 Reputation points

2020-09-11T09:59:37.103+00:00

Hello,

Thank you so much for posting here.

After finishing installing 2020-09 Cumulative Update for Windows server 2016 Domain Controller, the Security Option MMC also could not be opened in my AD environment. I am doing the research and will come back to you next week.

Thank you so much for your time and support.

Best regards,
Hannah Xiong
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Andrew Solmssen 96 Reputation points

2020-09-13T10:27:09.043+00:00

I am being affected by this as well - Windows Server Essentials 2016 VM, just updated to 2020-09 patches, trying to edit group policy settings for Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - Security Options. I get a dialog that an error has occured in wsecedit.dll.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment