I'm having a weird issue, when running gpupdate on a computer. It comes down to SYSVOL not being accessible. Client: Windows 10 buid 1709 / 16299.125
Situation: 2 domain controllers (Windows Server 2012 R2). - browse to \dc01\sysvol : works - browse to \dc02\sysvol : works - browse to \intranet\sysvol : works
Works intermittently (as in, I don't change anything, don't reboot, just try again at later points): - browse to \intranet.izegem.be\sysvol -> sysvol folder is visible but prompts credentials, even Domain Admin doesn't work - browse to \\sysvol -> sysvol folder is visible but prompts credentials, even Domain Admin doesn't work - browse to \\sysvol -> sysvol folder is visible but prompts credentials, even Domain Admin doesn't work
What could I check? Nothing weird visible when I check dcdiag /v
Update: for future reference, it seems to be a Windows bug: https://social.technet.microsoft.com/Forums/en-US/6a20e3f6-728a-4aa9-831a-6133f446ea08/gpos-do-not-apply-on-windows-10-enterprise-x64?forum=winserverGP
Strangely enough, even Microsoft comes to this conclusion. https://blogs.technet.microsoft.com/leesteve/2017/08/09/demystifying-the-unc-hardening-dilemma/
Domain Forest Level is now 2012R2 as well. No idea what the fix is besides those registry-keys, which seem to be a workaround/disabling.
