Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, August 5, 2015 6:44 PM | 1 vote
I have a domain environment setup and when attempting to connect to the domain server based on IP I get "Access denied" back, but when I use the server name I can log in just fine. Are there new permissions in Windows 10 that I need to set server-side (Windows Server 2012 R2) to allow the authentication?
All replies (5)
Saturday, August 8, 2015 11:55 AM ✅Answered
Hi,
I'm a little unclear about the question.
"Access Denied when access with IP but success with IP" seems to be an issue related to access a network share - what's the relationship of "Netlogon and Sysvol" (which seems something like group policy cannot be applied issue)? Please share the exact error message with us.
Meanwhile as you said it sounds strange if IP will not work but server name will - can you try a domain rejoin to see the result?
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Wednesday, September 2, 2015 5:58 AM ✅Answered
I have a similar issue; when accessing \<domain.name>\SYSVOL I get 'Access Denied' and a prompt for credentials. When I access \<dc netbios name\SYSVOL I can access it without prompt. Afterwards i still cannot access \<domain.name>\SYSVOL.
Result of all this is that Group Policies are not readable at logon and thus not applied.
Seems to me there is something wrong with the DFS authentication on the SYSVOL root...
Other thread here.
Thursday, May 5, 2016 5:28 PM | 3 votes
The solution provided by sashka_zion fixed my issue. I took it one step further and created a Group Policy for my domain workstations which surprisingly worked. I would have thought it would not be able to apply the GPO unless it was able to access sysvol first but whatever, it works:
To resolve this issue run gpedit.msc, go to Computer -> Administrative Templates -> Network -> Network Provider -> Hardened UNC Paths, enable the policy and click "Show" button. Enter your server name (\myservername) into "Value name" and enter the folowing text "RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" wihtout quotes into the "Value" field.
Monday, June 27, 2016 1:05 PM
Thanks.... This resolves my issue.... :)
Friday, December 13, 2019 1:07 PM
Doesnt this beat the purpose of UNC hardening?