[cifs-protocol] [EXTERNAL] Re: Windows 11 does not appear to apply group policies on logon when Hardened UNC paths are configured - TrackingID#2512040040010550

Obaid Farooqi obaidf at microsoft.com
Tue Dec 9 20:07:27 UTC 2025 

Hi Kacper:
I want to reproduce this for Windows to Windows. Please let me know the exact steps and set up.

Alternatively, you can collect ETW traces for me on the Windows 11 client. The script I have attached to this email does not survive reboot. So, if you can reproduce the scenario without rebooting, here are the steps.


  1.  Unzip and copy the file t.cmd on your windows 11 client.
  2.  Login as administrator and in a cmd (elevated), execute the following command:
>t.cmd clion
  3.  Reproduce the scenario, which I guess will require you to log off and login again (preferably as a different user)
  4.  Once you see the error in Event Viewer, repro is complete.
  5.  Open an elevated Cmd window and execute the following command:
>t.cmd clioff
  6.  Upload the resulting t*.cab file to the link I provided you.

Regards,
Obaid Farooqi
Sr. Escalation Engineer | Microsoft

From: Obaid Farooqi
Sent: Monday, December 8, 2025 10:38 AM
To: 'Kacper' <kacper at kacper.se>
Cc: Microsoft Support <supportmail at microsoft.com>; cifs-protocol <cifs-protocol at lists.samba.org>
Subject: RE: [EXTERNAL] Re: Windows 11 does not appear to apply group policies on logon when Hardened UNC paths are configured - TrackingID#2512040040010550

Hi Kacper:
Thank you for the traces. I’ll look into them and get back to you as soon as I have anything conceret.
Regards,
Obaid Farooqi
Sr. Escalation Engineer | Microsoft

From: Kacper <kacper at kacper.se<mailto:kacper at kacper.se>>
Sent: Monday, December 8, 2025 4:20 AM
To: Obaid Farooqi <obaidf at microsoft.com<mailto:obaidf at microsoft.com>>
Cc: Microsoft Support <supportmail at microsoft.com<mailto:supportmail at microsoft.com>>; cifs-protocol <cifs-protocol at lists.samba.org<mailto:cifs-protocol at lists.samba.org>>
Subject: [EXTERNAL] Re: Windows 11 does not appear to apply group policies on logon when Hardened UNC paths are configured - TrackingID#2512040040010550

Hello Obaid,

Thank you for taking over this issue. The issue occurs between a Windows 11 client and a Samba DC. I’ve tested the same scenario against a Windows DC, and it works correctly there.
My testing was done with Windows 11 (24H2, OS version 26100.7171) and Samba 4.21.10. I’ve uploaded the network trace, the event log entry, and the auth trace.
Manually running gpupdate /force after the user logs on works without any issues.

I would like to understand why Windows fails to apply GPOs during logon when Hardened UNC Paths are configured and the domain controller is Samba.

Regards,
Kacper
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20251209/77bf67df/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: t.zip
Type: application/x-zip-compressed
Size: 10155 bytes
Desc: t.zip
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20251209/77bf67df/t.bin>

More information about the cifs-protocol mailing list