On July 5, Microsoft officials posted a detailed blog post to the Microsoft "Ask Premier Field Engineering Platforms" blog about the issue, entitled "Who broke my user GPOs?".
Microsoft patch MS 16-072 (also known as KB 3163622), released June 14 for older versions of Windows, Windows Server, and Windows 10/Server 2016, was the source of the issue. The patch was meant to block possible man-in-the-middle attacks between the PC and the domain computer (DC).
"The official guidance from Microsoft is to ensure the computer accounts have 'Read' access to the user policies you wish to have applied, says post author Sean Greenbaum, offering up a variety of ways admins could make this happen.
Windows IT Pro has been following the twists and turns on this one. Their Patch Tuesday RSS feed is worth a follow, in my opinion.