Hi guys
Having the same issue but it is on windows server 2019 RSAT feature.
Would it be a similar August update to affect this issue?
This has just come out of nowhere also and affected our service desk.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
after installing the latest cumulative(KB5016616) and security(KB5012170) updates for August for win10 ver. 20H2 1094.1889, our HelpDesk is having problems with RSAT.
While traying to reset password they obtain following error "Windows cannot complete the password change for user because: Access is denied".
They have delegated rights for specific OU with security group to reset password, and they are not members of any admin builtin groups because we don't want them to have administrator rights.
After uninstalling of the latest patches the error is gone and they again can reset password.
Has anyone run into the same problem?
Also did anyone found maybe any workaround or fix for this issue?
Also our DC is on 2012 R2 and worksations are on Win 10 20H2.
Hi guys
Having the same issue but it is on windows server 2019 RSAT feature.
Would it be a similar August update to affect this issue?
This has just come out of nowhere also and affected our service desk.
I've encountered the same issue on Win11, but if I log onto one of our virtuals, I have no issues, no matter the OS version.
An important question for all experiencing this issue:
How many of you have the following GPO setting for your domain controllers defined: Computer Configuration\Policies\Windows Settings\Security Settings\Local Settings\Security Options--> Network Access: Restrict Clients Allowed to Make Remote Calls to SAM Enabled, Security Descriptor = O:BAG:BAD:(A;;RC;;;BA)(A;;RC;;;
Though some of you may have compliance/regulatory concerns by changing this, if you add the AD group that needs the Reset Passwords permission, those users should be able to reset passwords again. If some of you are unable/unwilling to do this, I've found that resetting passwords via the Active Directory Administrative Center is a viable workaround.
Same issue here. Tried removing the updates to no avail. I have a couple users trying this on Windows 11 as well. The only way I can get RSAT working is from accounts that have actual administrative rights on the domain. Let me know if anyone finds any workarounds.
I gave my self full delegated control on "test" OU and I can for example create new user but password cant be set, after that AD automatically disable that user. Also I was not able to reset password with delegated control in any OU, neither "test" OU with full delegated control..
Once I removed latest KB, all worked normal again..
So something is wrong with the latest KB that Microsoft pushed.
At the end I created new group in WSUS and I forced that group to remove latest KB and for now HelpDesk can reset passwords again..
Regedit WSUS from 1 -> 0 wont work since you already have updates on your workstation. You want to get latest security updates from Microsoft.