Reviewing policies applied to Win2016 VDAs for a client, and discovered they'd pushed a group membership via GPO to add NT AUTHORITY\Authenticated Users to BUILTIN\Guests. Turns out it's causing issues with their Checkpoint agent, but I've never seen this config before and not sure why someone would set this up - has anyone seen this done before? (client doesn't know and their deployment was done by Citrix Consulting)