Thanks nnhood this was very helpful. I created a PowerShell script which I was able to deploy as a Win32 app via Intune. Not sure if this was the best approach, but I like it better than rolling back the cumulative updates. Here's my script for anyone interested: Stop-Service -Name "IKEEXT" -Force (Get-Service -Name "IKEEXT").WaitForStatus('Stopped') $acl = Get-Acl C:\Windows\SysNative\IKEEXT.DLL $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators","FullControl","Allow") $acl.SetAccessRule($AccessRule) $acl | Set-Acl C:\Windows\SysNative\IKEEXT.DLL Copy-Item "$PSScriptRoot\IKEEXT.DLL" -Destination "C:\Windows\SysNative" Start-Service -Name "IKEEXT"
... View more
