Solved: August 2024 updates breaks GPO Item level targeting – user in group

Published by Justin on

If you are managing Windows Servers, Group Policies are a great way to distribute settings to your endpoints. However, a recent update of August 2024 in Windows Server 2022 and 2019 breaks user filtering in Group Policy (GPO) Item Level Targeting

The problem itself

When applying printers, registery settings or drive maps to users, we use Group Policy Item level targeting to filter users so only users with a group membership gets the policy applied.

Since the updates of August 2024 this isn’t working anymore:

We cannot select “User in group”, only “computer in group”. This applies only to new and existing policies. If you already have policies in place with “User in group” selected before the updates, this will still work as expected.

The cause and solution of User GPO break

The cause of this problem are two updates which have to be removed to make it work again:

Operating SystemUpdate (KB)
Windows Server 2019KB5042350
Windows Server 2022KB5041160

This update has to be removed on the server where you manage your Active Directory and/or Group Policies. You can keep the update installed on all other critical servers.

To remove this update, open Control Panel -> Programs and Features (appwiz.cpl)

Click on “View installed updates”

Select the right update for your OS and click “Uninstall”. After uninstalling the update the server has to be restarted. Make sure you perform this action in your maintenance window to decrease impact of this change.

Please note that this is a temporary solution, and not a persistent solution. Microsoft has to fix this in the coming update wave.

My advice

My advice is to leave the update installed. Uninstalling a update can do more than letting it installed. My advice is to only remove the update when you must configure such policies. If all your policies are in place and working and you don’t have to change anything, my advice is to leave the server alone and wait for the next update wave and hope for a solution from Microsoft.

End of the page 🎉

You have reached the end of the page. You can select a category, share this post on X, LinkedIn and Reddit or return to the blog posts collection page. Thank you for visiting this post.

If you think something is wrong with this post or you want to know more, you can send me a message to one of my social profiles at: https://justinverstijnen.nl/about/

Go back to Blog

The terms and conditions apply to this post.

Page visitors: No page-counter data available yet.
Categories: Windows Server
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Powershell Windows Server

Windows Server Inventory Report Script

To help us IT identifying certain configurations on a server and possible misconfigurations I have made a PowerShell script which creates a complete overview of the current server configuration and exports it as a single Read more...

Powershell Windows Server

Clean files on a schedule with Powershell script

Sometimes in IT, we have software or solutions that need to to save temporary files in your filesystem. Let’s say, a feed with logs or CSV files that are saved, logs or back-ups like the Read more...

Microsoft Azure Windows Server

In-Place upgrade to Windows Server 2025 on Azure

Once every 3 to 4 years you want to be on the last version of Windows Server because of new features and of course to have the latest security updates. These security updates are the Read more...