Same issue here. No solution found.
RSAT - Access denied - After August KB5016616 & kb5012170 updates
Hello,
after installing the latest cumulative(KB5016616) and security(KB5012170) updates for August for win10 ver. 20H2 1094.1889, our HelpDesk is having problems with RSAT.
While traying to reset password they obtain following error "Windows cannot complete the password change for user because: Access is denied".
They have delegated rights for specific OU with security group to reset password, and they are not members of any admin builtin groups because we don't want them to have administrator rights.
After uninstalling of the latest patches the error is gone and they again can reset password.
Has anyone run into the same problem?
Also did anyone found maybe any workaround or fix for this issue?
Also our DC is on 2012 R2 and worksations are on Win 10 20H2.
8 answers
Sort by: Most helpful
-
-
Houssem Mejri 6 Reputation points
2022-08-23T13:55:04.273+00:00 You need to Modify UseWUServer registry key ![![234122-image.png][1]][1] [1]: /api/attachments/234103-image.png?platform=QnA
-
Blast 16 Reputation points
2022-08-25T13:21:49.367+00:00 I gave my self full delegated control on "test" OU and I can for example create new user but password cant be set, after that AD automatically disable that user. Also I was not able to reset password with delegated control in any OU, neither "test" OU with full delegated control..
Once I removed latest KB, all worked normal again..
So something is wrong with the latest KB that Microsoft pushed.
At the end I created new group in WSUS and I forced that group to remove latest KB and for now HelpDesk can reset passwords again..
Regedit WSUS from 1 -> 0 wont work since you already have updates on your workstation. You want to get latest security updates from Microsoft.
-
Cameron Nye 6 Reputation points
2022-08-24T19:09:28.17+00:00 No luck on the regkey. I wonder what WindowsUpdate has to do with the AD permissions.
-
ShawnP-2756 1 Reputation point
2022-09-29T13:19:15.283+00:00 Same issue here. Tried removing the updates to no avail. I have a couple users trying this on Windows 11 as well. The only way I can get RSAT working is from accounts that have actual administrative rights on the domain. Let me know if anyone finds any workarounds.