Netw0rkDude-1243 asked Netw0rkDude-1243 edited

GPO UNC Hardening with Privacy not working when Hostname contains a hyphen

We had several Windows Servers which contained a hyphen in their hostname, for example vm-hostname1.
We enabled UNC Hardening via GPO for all shares on the relevant hosts and want to ensure that Encryption (Privacy) is activated.

\\vm-hostname1.example.domain\* RequireMutualAuthentication=1, RequireIntegrity=1, RequirePrivacy=1


When we check the SMB session details from the client via PowerShell:


Get-SmbConnection | Select-Object -Property *

SmbInstance : Default
ContinuouslyAvailable : False
Credential : xxxx\xxxx
Dialect : 3.1.1
Encrypted : False
NumOpens : 1
Redirected : False

Output omitted.....


We also had some hosts without a hyphen in their hostname. On these hosts, UNC Hardening with Privacy is working and the SMB session is encrypted.

After struggling with the problem for a bit, we located the hyphen in the hostname as the cause. When a hyphen is present in the hostname, the UNC Hardening settings are ignored and encryption is not activated.


I know encryption could also be activated globally on a server with Set-SmbServerConfiguration -EncryptData $true. It seems to be a bug and the registry values are not parsed correctly.

Our preferred way is to enable encryption via the UNC Hardening GPO. But it seems to be a bug.

Any suggestions?

windows-server windows-10-security windows-group-policy windows-server-security
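A diagnostic check for the situation described in the question, as an added example that is not part of the original post: it reads the hardened-path entries from the client's policy registry key and flags SMB connections that match an entry with RequirePrivacy=1 but report Encrypted : False. The registry location and the use of -like for pattern matching are assumptions of this example; the client's own matching may differ.

```powershell
# Added example: compare configured hardened UNC paths with live SMB connections.
# Assumption: the GPO stores its entries under this policy key (value name = UNC
# pattern, value data = the comma-separated flags shown in the post).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

function ConvertFrom-HardenedPathData {
    param([string]$Data)
    # "RequireMutualAuthentication=1, RequireIntegrity=1, RequirePrivacy=1" -> hashtable
    $flags = @{}
    foreach ($pair in ($Data -split ',')) {
        $name, $value = $pair.Trim() -split '=', 2
        if ($name) { $flags[$name] = "$value".Trim() }
    }
    $flags
}

# Load every configured pattern together with its parsed flags.
$rules = @()
$item = Get-Item -Path $key -ErrorAction SilentlyContinue
if ($item) {
    foreach ($valueName in $item.GetValueNames()) {
        $rules += [pscustomobject]@{
            Pattern = $valueName
            Flags   = ConvertFrom-HardenedPathData ([string]$item.GetValue($valueName))
        }
    }
}
if (-not $rules) { Write-Warning "No hardened paths found under $key" }

Get-SmbConnection | ForEach-Object {
    $unc = '\\{0}\{1}' -f $_.ServerName, $_.ShareName
    # Simplified matching (assumption): PowerShell -like wildcards, case-insensitive.
    $hit = $rules | Where-Object { $unc -like $_.Pattern } | Select-Object -First 1
    [pscustomobject]@{
        Path            = $unc
        MatchedPattern  = if ($hit) { $hit.Pattern } else { '(none)' }
        RequirePrivacy  = if ($hit) { $hit.Flags['RequirePrivacy'] } else { $null }
        Dialect         = $_.Dialect
        Encrypted       = $_.Encrypted
        # True when policy asks for encryption but the session is not encrypted.
        PolicyViolation = [bool]($hit -and $hit.Flags['RequirePrivacy'] -eq '1' -and -not $_.Encrypted)
    }
} | Format-Table -AutoSize
```

A row with MatchedPattern (none) means the server name used for that connection does not line up with any configured pattern; a row with PolicyViolation True means the pattern matched but the session is still unencrypted.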

1 Answer

LimitlessTechnology-2700 answered Netw0rkDude-1243 commented

Hello Netw0rkDude,

Thank you for your question.

We have a topic with a problem similar to yours; I recommend you see the article below:

https://social.technet.microsoft.com/Forums/en-us/7ff4bafa-a65a-4741-83a2-b9e0cf1e36b3/hardened-unc-path-gpo-question?forum=winserverGP



If the answer is helpful, please vote positively and accept as an answer.


The topic you linked is not helpful. I see the GPO and I configured the GPO. The settings are also applied, as I wrote, on some systems when they have no hyphen in their hostname.
