[cifs-protocol] [EXTERNAL] Windows 11 does not appear to apply group policies on logon when Hardened UNC paths are configured
Kacper
kacper at kacper.se
Wed Dec 3 09:51:10 UTC 2025
Hello,
Thank you for the response. I understand the distinction you’re making
regarding product configuration, but I believe the issue may actually stem
from an interoperability problem between Windows 11 and Samba. It seems
possible that recent changes in either MS-SMB2 or MS-KILE within Windows 11
could be affecting how hardened UNC paths and logon authentication behave.
>From what I’m seeing, this may represent a regression in how Windows 11
handles UNC paths requiring mutual authentication, potentially due to
additional security hardening introduced in the newer OS.
Additionally, Microsoft customer support has been unwilling to provide
further assistance, as I was informed that this falls outside their support
boundaries.
Regards,
Kacper
On Wed, 3 Dec 2025 at 03:08, Sreekanth Nadendla <srenaden at microsoft.com>
wrote:
> Dochelp in Bcc
>
> Hello Kacper,
>
> It seems you are not actually implementing SMB protocol. Interoperability
> Documentation Help mail is meant for obtaining support for the Open
> Specifications documentation. You can read about the Microsoft Open
> Specifications program from
> http://www.microsoft.com/openspecifications/en/us/default.aspx
>
> The library of Open Specification documents can be accessed from
> http://msdn.microsoft.com/en-us/library/dd208104(PROT.10).aspx
>
> Based on the description of your issue, it appears to be related to
> product configuration rather than protocol specific. You can reach out to
> Microsoft platforms product support team for assistance on this issue.
> Below are some resources that provide contact information and explain
> various methods of obtaining support.
>
>
> Microsoft Q&A | Microsoft Learn
> <https://learn.microsoft.com/en-us/answers/>
>
>
> https://support.serviceshub.microsoft.com/supportforbusiness/onboarding?origin=/supportforbusiness/create
>
>
>
> Regards,
>
> Sreekanth Nadendla
>
> Microsoft Windows Open Specifications
>
>
>
>
> -----Original Message-----
> From: Kacper <kacper at kacper.se>
> Sent: Tuesday, December 2, 2025 3:52 PM
> To: Interoperability Documentation Help <dochelp at microsoft.com>
> Cc: cifs-protocol at lists.samba.org
> Subject: [EXTERNAL] [cifs-protocol] Windows 11 does not appear to apply
> group policies on logon when Hardened UNC paths are configured
>
>
>
> Some people who received this message don't often get
> email from kacper at kacper.se. Learn why this is important <
> https://aka.ms/LearnAboutSenderIdentification>
>
>
>
> Hi dochelp,
>
>
>
> In my testing, Windows 11 does not appear to apply Group Policy at logon
> when Hardened UNC Paths are configured with RequireMutualAuthentication=1
> (Computer Configuration → Administrative Templates → Network → Network
> Provider → Hardened UNC Paths). The same configuration works without any
> issues on Windows 10.
>
>
>
> It seems that access to the SYSVOL share fails during logon. Event Viewer
> reports error 2148073478 / Invalid Signature for the SYSVOL UNC path.
>
>
>
> Could you assist me in determining the cause of this error?
>
>
>
> Regards,
>
> Kacper
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20251203/14c9c027/attachment.htm>
More information about the cifs-protocol
mailing list