PCs joined to the TTU domain are not successfully running existing or new group policy objects (GPOs).

To improve the security of servers and workstations joined to a domain, Microsoft released security bulletin MS16-072, and an associated security patch on June 14, 2016, that fundamentally changes the security requirement for applying group policy objects (GPOs) in departmental organizational units (OUs). Once the security update is applied, domain computers will not successfully run existing or new GPOs unless specific permission requirements have been established.

To avoid interruption in your GPO propagation, please use the Group Policy Management Console (GPMC.MSC) to update your department GPO permissions.

OUTCOME

The GPOs will be applied as expected.