question

Hello,

Thank you so much for posting here.

After finishing installing 2020-09 Cumulative Update for Windows server 2016 Domain Controller, the Security Option MMC also could not be opened in my AD environment. I am doing the research and will come back to you next week.

Thank you so much for your time and support.

Best regards,
Hannah Xiong

I received also a notification from a German user, that has been facing this issue. I've blogged about that at windows-10-v1607-update-kb4571694-creates-id-5827-events-bricks-mmc

It seems that update KB4577015 is causing this issues. Thx for posting/confirming

I am being affected by this as well - Windows Server Essentials 2016 VM, just updated to 2020-09 patches, trying to edit group policy settings for Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - Security Options. I get a dialog that an error has occured in wsecedit.dll.

Hello,

Thank you so much for your time and support.

Update 2020-09 Cumulative Update (KB4577015) is causing this GPO MMC error. We are so sorry that we are having this problem. We have reported this issue and will come back here for any feedback.

Besides, to avoid being affected, we could choose to uninstall this update as shown below.

After successfully uninstall, the security options MMC could be opened then.

So sorry for the inconvenience caused. Thank again for your support.

Best regards,
Hannah Xiong

Any update on this when it can be fixed or if you have a private fix for it? I guess all customers have problems with this.

Workaround

• Use a non-RS1 OS to edit GPOs. For example, install the GP admin tools to a client OS.

• The crash can be avoided by deleting the following registry key. Please make sure to export the reg key before deleting anything. Deleting the key will cause the “Interactive logon: Display user information when the session is locked” policy to not appear in the console. (The policy is still effective, but you can’t see it in the UI to edit it). You will need to import the key back later, after the fix has been released.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId

Thank you @DavideRadice-0354 for your interim fix, hope MS will fix this soon.

 reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId"

MS acknowledged https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-1607-and-windows-server-2016#1482msgdesc

 The resulting error dialog provides options to continue using the Management Console to view other nodes normally. Note: This issue does not affect the application of the Security Options or any other Group Policy Objects (GPOs) to devices in your environment.
    
 Affected platforms:
 Client: Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
 Server: Windows Server 2016
 Workaround: To mitigate this issue, you can install Remote Administrative tools on a device running Windows 10, version 1709 or later. This will allow you to run Group Policy Management Console and edit GPOs on the affected server.
    
 Next steps: We are working on a resolution and will provide an update in an upcoming release.

I've got this on DCs but also on at least one member server with the AD Tools installed

On that member server no admin tool which uses mmc.exe would launch.

I got "This app has been blocked for your protection" until I deleted the registry key and restarted