Every month we set GPO's for Autologin for various maintenance reboots (patching, software upgrades). We typically set the GPO's a few days in advance and have no SEE Bypass issues. Every so often we have the "firecall" for a zero day, and the whole shebang of deployment (from setting SEE bypass/autologin in GPO to scheduled deployment) occurs in a 12 hour window, however this is well within GPO processing times for the clients.
What we usually see in those "danger-close" scenarios (setting everything in a tight window), a small handfull of machines will sit at SEE post reboot instead of properly bypassing and sitting at the Windows login. When checking the Event Log, we see that these machines are properly evaluting the GPO as being changed, and processing the GPO on the system well in advance of the scheduled reboot to Windows.
I think this issue resides within SEE client, wondering if anyone else has seen the behavior and can comment.
Thanks,
The S.