[Samba] Domain DFS on new share

Jonathan Hunter jmhunter1 at gmail.com
Fri Apr 21 10:39:44 UTC 2017


Thanks Louis, some good info there!

On 21 April 2017 at 10:58, L.P.H. van Belle via samba
<samba at lists.samba.org> wrote:
> Did you configure mutual authentication and integrity for the new share?
> [..]
> Good info here :
> https://blogs.technet.microsoft.com/askpfeplat/2015/02/22/guidance-on-deployment-of-ms15-011-and-ms15-014/

This led me to
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
which, on my Windows 7 VM, was completely empty.
Adding "\\*\dfs" and "\\*\notdfs" keys as string values, with
"RequireMutualAuthentication=0" as data, hasn't helped, unfortunately.
I also tried \\mydomain\dfs, and restarted the Windows machine each
time - no change.

I would have thought that if there are no registry values in the
HardenedPaths section, then this hasn't been configured.. not sure
though. One of the comments here indicates that this is off by default
on Windows 7, anyway:
https://social.technet.microsoft.com/Forums/en-US/6a20e3f6-728a-4aa9-831a-6133f446ea08/gpos-do-not-apply-on-windows-10-enterprise-x64?forum=winserverGP

Have you had to configure these explicitly on Windows 7 machines? Mine
are all effectively on 'defaults' as far as this is concerned.

J

-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein
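
An added example, not part of the original message: one way to check what the HardenedPaths policy key discussed above requests for each UNC pattern. The function names are hypothetical, `RequireIntegrity` comes from the MS15-011 guidance rather than from the post, and the fallback entries are constructed to mirror the values tried above.

```powershell
# Added example: report the flags set on each HardenedPaths entry.
# Value name = UNC pattern, value data = comma-separated "Flag=0|1" pairs.
$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

function ConvertFrom-HardenedPathData {
    # Hypothetical helper: "A=1, B=0" -> ordered dictionary of flag -> value.
    param([string]$Data)
    $flags = [ordered]@{}
    foreach ($pair in ($Data -split ',')) {
        $parts = $pair.Trim() -split '=', 2
        if ($parts.Count -eq 2 -and $parts[0]) {
            $flags[$parts[0].Trim()] = $parts[1].Trim()
        }
    }
    return $flags
}

function Get-HardenedPathReport {
    # Hypothetical helper: $Entries maps UNC pattern -> raw value data.
    param([hashtable]$Entries)
    foreach ($pattern in ($Entries.Keys | Sort-Object)) {
        $flags = ConvertFrom-HardenedPathData $Entries[$pattern]
        [pscustomobject]@{
            Pattern    = $pattern
            MutualAuth = $flags['RequireMutualAuthentication'] -eq '1'
            Integrity  = $flags['RequireIntegrity'] -eq '1'
            Raw        = $Entries[$pattern]
        }
    }
}

# Read the live policy key when it exists and has values.
$entries = @{}
if (Test-Path $KeyPath) {
    $key = Get-Item $KeyPath
    foreach ($name in $key.GetValueNames()) {
        $entries[$name] = [string]$key.GetValue($name)
    }
}
# Otherwise fall back to constructed sample entries so the report still runs.
if ($entries.Count -eq 0) {
    Write-Output 'HardenedPaths is absent or empty; showing constructed sample entries.'
    $entries = @{
        '\\*\dfs'    = 'RequireMutualAuthentication=0'
        '\\*\notdfs' = 'RequireMutualAuthentication=0'
    }
}
Get-HardenedPathReport $entries | Format-Table -AutoSize
```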


