none
UNC Hardening RequireMutualAuthentication denies access to GPO

    Question

  • Hello,

    We have 2012r2 DCs in our environment and a mix of 2008sp2, 08r2, and 2012r2 MS. We have implemented UNC hardening with requiremutualauthentication=1, requireintegrity=1  and  it works for all systems other than our 2008 SP2 MS. However, it was working fine when we had 2008 DCs for all member servers. Now, on our 2008sp2 MS group policy fails because they are no longer able to access sysvol or netlogon on the DCs when mutualauthentication is required. I have been through ms15-011 & 015 with a fine tooth comb multiple times and have also installed 2272153, still get access denied. Any ideas would be appreciated.

    Monday, April 03, 2017 6:43 PM

All replies

  • Hi,
    Based on my research, it seems that customers who download and install updates manually will need to install both updates (3000483 and 3004375), which can be installed in any order.
    You could check if KB3004375 is installed on windows server 2008SP2.
    Please see details from: https://technet.microsoft.com/en-us/library/security/ms15-011.aspx
    Best Regards,
    Wendy Jiang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, April 04, 2017 5:33 AM
    Moderator
  • I have already validated both were installed.
    Tuesday, April 04, 2017 8:02 PM
  • Hi,
    Was the windows server 2008sp2 working well before you implemented UNC hardening? If yes, have you tried to roll back the previous settings on this server?
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 07, 2017 1:55 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, April 10, 2017 2:11 PM
    Moderator