Scenario

  • Access to \\yourDC\SYSVOL works
  • Access to \\yourDomain.local\SYSVOL does not work (or only on the DC, but not on the clients), it might ask for other user credentials
  • Windows 10 workstations

Coming up with Windows 10, there seems to be a stricter access policy for SYSVOL, which can lead to errors, e.g. if you have custom GPO startup scripts in there, or the client system even cannot access the inner gpt.ini file(s).

Workaround

  1. Open Group Policy Editor for your domain, e.g. the Default Domain Policy
  2. Open “Computer -> Administrative Templates -> Network -> Network Provider -> Hardened UNC Paths”
  3. Enter your server name (\\yourDC) into “Value name” and enter the following text
    1. RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0

  4. Repeat this step for every DNS hostname you use for this server (or other affected servers).
  5. Apply and reboot the client.

 

Reference

 

Share This: