Jump to content


New Members
  • Content Count

  • Joined

  • Last visited

Posts posted by petsva

  1. Hey guys,


    We are currently rolling out Windows 10 Enterprise 1511 on a new Customer and we encountered a problem with Policies not being applied on Wifi Connection even though Wait for Network Connection Policies etc is applied. After login in to the system you can either do a GPUPDATE /Force or just wait and policies are applied after random intervalls of 15-45min. Same System on a wired connection works.


    After troubleshooting DNS, NAP, 802.1x Policies and logging network activity i found this post on https://social.technet.microsoft.com/Forums/en-US/6a20e3f6-728a-4aa9-831a-6133f446ea08/gpos-do-not-apply-on-windows-10-enterprise-x64?forum=winserverGP, It turns out that UNC Hardening is by default turned on in W10. After a little investigation there are alot of information regarding that this should have been changed in W10 Ent 1511 release but it clearly is not. After getting home from the office i did some more testing and Inplace Upgrades from W8, W8.1 is not affected by this since they were solved with a Patch from Microsoft disabling the UNC hardening feature by default..


    MS15-011 covers more deept in the case of UNC hardening:
    Adding These regkeys Solved my issues completly and gives me time to test UNC Hardening fully in Lab environment before adding feature in production:
    reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\SYSVOL" /d "RequireMutualAuthentication=0" /t REG_SZ
    reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\NETLOGON" /d "RequireMutualAuthentication=0" /t REG_SZ
    Note:By adding these registry keys you completly turn of the UNC Hardening on the Windows 10 client.
    I strongly recommend looking into the MS15-011and MS15-014 and implementing it to secure your Environment against possible Remote code Execution
    Br /Peter
    • Like 1
  • Create New...