[cifs-protocol] [EXTERNAL] Windows 11 does not appear to apply group policies on logon when Hardened UNC paths are configured
Sreekanth Nadendla
srenaden at microsoft.com
Thu Dec 4 02:48:20 UTC 2025
Hello Kacper, thanks a lot for clarifying the background. Can you capture a network trace showing SMB traffic between the client and the server, please?
Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications
________________________________
From: Kacper <kacper at kacper.se>
Sent: Wednesday, December 3, 2025 4:51 AM
To: Sreekanth Nadendla <srenaden at microsoft.com>
Cc: cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>
Subject: Re: [EXTERNAL] [cifs-protocol] Windows 11 does not appear to apply group policies on logon when Hardened UNC paths are configured
Hello,
Thank you for the response. I understand the distinction you’re making regarding product configuration, but I believe the issue may actually stem from an interoperability problem between Windows 11 and Samba. It seems possible that recent changes in either MS-SMB2 or MS-KILE within Windows 11 could be affecting how hardened UNC paths and logon authentication behave.
From what I’m seeing, this may represent a regression in how Windows 11 handles UNC paths requiring mutual authentication, potentially due to additional security hardening introduced in the newer OS.
Additionally, Microsoft customer support has been unwilling to provide further assistance, as I was informed that this falls outside their support boundaries.
Regards,
Kacper
On Wed, 3 Dec 2025 at 03:08, Sreekanth Nadendla <srenaden at microsoft.com> wrote:
Dochelp in Bcc
Hello Kacper,
It seems you are not actually implementing the SMB protocol. Interoperability Documentation Help mail is meant for obtaining support for the Open Specifications documentation. You can read about the Microsoft Open Specifications program from http://www.microsoft.com/openspecifications/en/us/default.aspx
The library of Open Specification documents can be accessed from http://msdn.microsoft.com/en-us/library/dd208104(PROT.10).aspx
Based on the description of your issue, it appears to be related to product configuration rather than protocol-specific. You can reach out to Microsoft platforms product support team for assistance on this issue. Below are some resources that provide contact information and explain various methods of obtaining support.
Microsoft Q&A | Microsoft Learn <https://learn.microsoft.com/en-us/answers/>
https://support.serviceshub.microsoft.com/supportforbusiness/onboarding?origin=/supportforbusiness/create
Regards,
Sreekanth Nadendla
Microsoft Windows Open Specifications
-----Original Message-----
From: Kacper <kacper at kacper.se>
Sent: Tuesday, December 2, 2025 3:52 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] [cifs-protocol] Windows 11 does not appear to apply group policies on logon when Hardened UNC paths are configured
Hi dochelp,
In my testing, Windows 11 does not appear to apply Group Policy at logon when Hardened UNC Paths are configured with RequireMutualAuthentication=1 (Computer Configuration → Administrative Templates → Network → Network Provider → Hardened UNC Paths). The same configuration works without any issues on Windows 10.
It seems that access to the SYSVOL share fails during logon. Event Viewer reports error 2148073478 / Invalid Signature for the SYSVOL UNC path.
Could you assist me in determining the cause of this error?
Regards,
Kacper