Monday, July 24, 2023

UNC hardening (MS15-011, MS15-014) - you think you enabled it?

Hi there.

Quick post about another quirk the Internet donated to us. With MS15-014, UNC hardening was introduced. Microsoft offers a comprehensive guide about what it does and how to configure it:

https://support.microsoft.com/topic/ms15-011-vulnerability-in-group-policy-could-allow-remote-code-execution-february-10-2015-91b4bda2-945d-455b-ebbb-01d1ec191328

There you can also find the "minimum recommended settings", where the hardening value is described like this: "RequireMutualAuthentication=1, RequireIntegrity=1".

After a security assessment was conducted against our client computers, a request was opened to implement UNC hardening. We were also provided with the settings to implement.

Maybe - like me - you simply copied what you were sent and pasted it into your new UNC hardening GPO. Done you are, right?

Unfortunately, this can go WRONG. But you won't notice: GPResult shows everything as fine (except for a rather invisible hint, see screenshot below), and the registry looks OK. Only if you dig into the "NetworkProvider" event log will you notice Event 1006 reporting a syntax error in your entry.

This is how our setting looked in GPResult:

If you take a really close look, you will notice that there's not one space after the comma, but two.

Reason being? Someone added a space character in the value, which MUST be removed for the setting to apply successfully. When I added UNC hardening, I copied and pasted the values that were sent to me. They looked OK in the settings list, they looked OK in the GPO settings report, they looked OK in GPResult. What I overlooked is that what was sent to me contained a line break, and I copied this line break as well:

And the network provider really does not like line breaks...
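
One way to catch this on a client, as an added example that is not part of the original post: the PowerShell below prints each hardened-path value with line breaks made visible and flags any character outside printable ASCII. The registry path is the policy location Microsoft documents for hardened UNC paths and is an assumption here, as are the function name and the two constructed sample values.

```powershell
# Added example: find invisible characters in UNC hardening values.
# Assumption: the GPO writes its values under this policy key;
# adjust $key if your environment differs.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

function Test-HardenedPathValue {
    param([string]$Path, [string]$Value)
    # Anything outside printable ASCII (0x20-0x7E) is suspect in this value:
    # CR, LF, tab, non-breaking space and similar do not belong there.
    $bad = @([regex]::Matches($Value, '[^\x20-\x7E]') |
        ForEach-Object { 'U+{0:X4}' -f [int][char]$_.Value })
    [pscustomobject]@{
        Path    = $Path
        # Show the value with control characters spelled out.
        Visible = ($Value -replace "`r", '\r' -replace "`n", '\n' -replace "`t", '\t')
        Suspect = ($bad -join ' ')
        Clean   = ($bad.Count -eq 0)
    }
}

# Constructed samples: the second one carries a copied line break,
# which GPResult renders as an extra space after the comma.
$samples = [ordered]@{
    '\\*\NETLOGON' = 'RequireMutualAuthentication=1, RequireIntegrity=1'
    '\\*\SYSVOL'   = "RequireMutualAuthentication=1,`r`n RequireIntegrity=1"
}
$samples.GetEnumerator() |
    ForEach-Object { Test-HardenedPathValue $_.Key $_.Value } |
    Format-Table -AutoSize

# On a client, check what the GPO actually wrote to the registry.
if (Test-Path $key) {
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        Test-HardenedPathValue $name ([string]$item.GetValue($name))
    }
}
```

Any row with `Clean` set to `False` should be retyped by hand in the GPO rather than pasted again.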

The originating reason why this was sent to us including a line break is lost in the fogs of the past. Most probably, it was itself copied from a source on the Internet where a CMS added a line break for automatic line wrapping, or it was a PDF where the same happened.

That said... 😀

Update 2023/07/26: Corrected the reason - it is not a space character, it is a line break that breaks UNC hardening. And it's not Microsoft's fault, but ours 🙈