[Samba] UNC-Hardening, config via group policy

Stefan G. Weichinger lists at xunil.at
Thu Feb 11 19:47:45 UTC 2021

I currently try to rollout AV software via a group policy (doesn't 
matter, which software).

A group policy sets a logon script, that one looks for a registry key, 
and if it isn't there yet it calls a binary.exe from \\somedc\sysvol\

I have a GPO in place for years now that trusts



as found in some howtos online.

OK, maybe that one never worked ...

But group policies work, so access to these shares works so far.

I added lines matching a specific DC etc ... didn't work.

I tried to store the exe on another share which is reachable via "W:\" 
from all clients ... to avoid UNC-path.

Doesn't work.

Do I have to look at these IE-Zone stuff? I have a GPO for that as well, 
but have to check.

In general: is there maybe something new to configure with latest 
Windows 10 clients?


More information about the samba mailing list