This patch changes the security context with which user group
policies are
retrieved. This by-design behavior change protects customers’
computers from a security vulnerability. Before MS16-072 is installed, user
group policies were retrieved by using the user’s security context. After
MS16-072 is installed, user group policies are retrieved by using the machines
security context.
Note that group policy application is still done using the user or group context, as previously.
It is recommended that you do not uninstall or roll-back this patch. The change in behavior is by design and adjustments can be made in the access controls to restore functionality, as follows:
In Group Policy Management Console, for the GPO in question, on the Delegation Tab, add the access control entry of: "Domain Computers" with "READ" permission (not "READ and Apply Group Policy").