Hardened UNC Access-Required?


  • We have user login scripts(vbs) that are mapping drives via UNC.  We applied KB30000483 and KB3004361 to one of our domain controllers last night, and those script continued to work.  The servers that are being referenced in the UNCs do not have those 2 updates yet.  Trying to figure if these 2 updates just provide the ability to use hardened UNC access in GPOs, or if we are about to be forced to use UNC hardened access.  The GPO I created says it will allow me to enabled hardened access, which I would rather avoid if this is just a feature.  Not sure if this is more of a security question, but if anyone has already seen an issue with this, let me know.

    -Here is what the KBB says

          Group Policy settings-
          This security update requires the following steps to be performed in order to protect against the vulnerability described in the bulletin (MS15-011

          ( . To enable this functionality, a system administrator must apply the following Group Policy settings in addition to installing security update 3000483


    Also-If we use GPP to map our drives to UNC paths, will that work without any issues?  Hard to understand this article because it sounds like it you apply both patches, that applications(and guessing login scripts) will be forced to use hardened UNC access.

    • Edited by DaveBryan37 Thursday, March 12, 2015 8:34 PM
    Thursday, March 12, 2015 7:07 PM


All replies