After MS16-072 is installed, user group policies are retrieved by using the computer’s security context. This by-design behavior change protects domain joined computers from a security vulnerability.

Check if “Authenticated Users” group read permissions were removed intentionally by the admins. If not, then you should probably add those back. For example, if you do not use any security filtering to target specific group policies to a set of users, you could add “Authenticated Users” back with the default permissions as shown in the example screenshot above.

Get-GPO -All | Set-GPPermission -PermissionLevel GpoRead -TargetType Group -TargetName “Authenticated Users”

If “Authenticated Users” has more permissions, nothing is changed. The GPOs that do not have “Authenticated users”, will get the read permission.