Jump to content


  • 0
petsva

Windows 10 - Policies not applied during boot

Question

Hey guys,

 

We are currently rolling out Windows 10 Enterprise 1511 on a new Customer and we encountered a problem with Policies not being applied on Wifi Connection even though Wait for Network Connection Policies etc is applied. After login in to the system you can either do a GPUPDATE /Force or just wait and policies are applied after random intervalls of 15-45min. Same System on a wired connection works.

 

After troubleshooting DNS, NAP, 802.1x Policies and logging network activity i found this post on https://social.technet.microsoft.com/Forums/en-US/6a20e3f6-728a-4aa9-831a-6133f446ea08/gpos-do-not-apply-on-windows-10-enterprise-x64?forum=winserverGP, It turns out that UNC Hardening is by default turned on in W10. After a little investigation there are alot of information regarding that this should have been changed in W10 Ent 1511 release but it clearly is not. After getting home from the office i did some more testing and Inplace Upgrades from W8, W8.1 is not affected by this since they were solved with a Patch from Microsoft disabling the UNC hardening feature by default..

 

MS15-011 covers more deept in the case of UNC hardening:
Adding These regkeys Solved my issues completly and gives me time to test UNC Hardening fully in Lab environment before adding feature in production:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\SYSVOL" /d "RequireMutualAuthentication=0" /t REG_SZ
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\NETLOGON" /d "RequireMutualAuthentication=0" /t REG_SZ
Note:By adding these registry keys you completly turn of the UNC Hardening on the Windows 10 client.
I strongly recommend looking into the MS15-011and MS15-014 and implementing it to secure your Environment against possible Remote code Execution
Br /Peter
  • Like 1

Share this post


Link to post
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.