Recently, I came across an issue with MMC Snap-in error specifically while navigating to the Security options (wsecedit.dll) in either RSOP.msc or GPedit.msc. Further checking on other servers, noticed that the problematic server has the September patch installed KB4577015 and the working server had the August patch KB4571694.
Opened the RSOP.msc or GPedit.msc and navigate to Computer Configuration > Windows Setting > Security Settings > Local Policy > Security Options and the below error message appears,
Further researching, found that Microsoft has confirmed that it’s a known issue and below are the workarounds available.
Launch the MMC in one of Windows server where the specific patch is not installed and generate the RSoP data for the affected server
MMC -> Resultant Set of Policy -> More Actions -> Generate RSoP Data and select the option “Another Computer”
You can also install Remote Administrative tools using Server Manager on a device which is not running this patch. This will allow you to run Group Policy Management Console and edit GPOs on the affected server
The crash can be avoided by deleting the following registry key. Deleting the key will cause the “Interactive logon: Display user information when the session is locked” policy to not appear in the console. (The policy is still effective, but you can’t see it in the UI to edit it).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId
Please Note: Export the registry key before deleting and import it when the actual fix has been released
Happy learning!! 🙂