There has been surprise and alarm in some quarters this week when RDP suddenly stopped working. Most likely this is because your clients got patched but your servers did not, and now in May, as promised, connections will be blocked by default unless both ends are patched. So far we've tried a manual "gpupdate /force", idle time to let the servers sync, and reboots. On one server we did a "/force" then an immediate reboot, and that didn't work.
Please see updates at the end of the post before applying any group policy!
The problem is that you need the new admx (policy) and adml (resource) files that are delivered with the patch.
Rename the current Cred to Cred old, or move it to another location. Copy the Cred file from the updated machine to this folder.
Note: If you try to open the group policy at this point, you’ll get this error: You need the resource file too. On a domain controller, in Windows Explorer, navigate to C:\Windows\SYSVOL\sysvol\Policies\Policy Definitions\en-US (or your local language).
Applying group policy to make the connection Vulnerable is the best solution.
Uninstalling the May client patch is not the best solution.
This compares the currently applied GPO to the GPO that is located on the domain controllers.
If nothing has changed since the last time the GPO was applied, then the GPO is skipped.
Since I've updated some of the Windows 10 clients to version 1709 (Fall Creators Update), most of the GPOs aren't applied to the clients anymore (no matter where they are linked).
We've recently transitioned our instance of WSUS from Server1 to Server2. Part of the transition is to update the associated GPO that tells the servers in the domain which WSUS server to use.
For group policy wonks, this is no doubt old hat, but for the rest of us: 1.