Problem: Win10 Cannot Access Netlogon or Sysvol Share

Problem

Your Windows 10 computers cannot access the netlogon/sysvol shares and get “ACCESS DENIED” when they try.

Environment

Accessing the above shares from macOS or Linux with the same user works fine. None of the client systems are joined to the domain.
Windows 10 prevents connections to untrusted servers by default. Joining a Windows 10 system to the domain makes it trust the server automatically. Clients that are not joined treat the server as untrusted, and Windows 10 refuses to connect.

Solution

Set a registry key on your Windows 10 clients:

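Windows Registry Editor Version 5.00

; One value per server name the clients use: short name and FQDN
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\ucsserver"="RequireMutualAuthentication=0"
"\\\\ucsserver.fqdn"="RequireMutualAuthentication=0"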

You can also configure this via GPO.
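
Added example (not part of the original article): a PowerShell script that writes the two values above and then lists every HardenedPaths entry with its RequireMutualAuthentication setting, so you can confirm the exception covers only the intended server names. The function names are hypothetical, ucsserver and ucsserver.fqdn are the article's placeholders, and the script assumes an elevated session.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
$PolicyKey = 'SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

# Hypothetical helper: write one per-server value, as in the .reg snippet above.
function Set-MutualAuthException {
    param([Parameter(Mandatory)][string[]]$Server)
    foreach ($s in $Server) {
        # Registry.SetValue creates the key if it does not exist yet.
        [Microsoft.Win32.Registry]::SetValue(
            "HKEY_LOCAL_MACHINE\$PolicyKey",
            "\\$s",                              # value name is the UNC prefix, e.g. \\ucsserver
            'RequireMutualAuthentication=0',
            [Microsoft.Win32.RegistryValueKind]::String)
    }
}

# Hypothetical helper: list every HardenedPaths value with its parsed setting.
function Get-HardenedPathEntry {
    $path = "HKLM:\$PolicyKey"
    if (-not (Test-Path -LiteralPath $path)) { return }   # no policy key, nothing to report
    $regKey = Get-Item -LiteralPath $path
    foreach ($name in $regKey.GetValueNames()) {
        if ($name -eq '') { continue }                    # skip the (Default) value
        $raw  = [string]$regKey.GetValue($name)
        $opts = @{}                                       # case-insensitive by default
        # Value data is a comma-separated list of Option=0|1 pairs.
        foreach ($pair in ($raw -split ',')) {
            $k, $v = $pair.Trim() -split '=', 2
            if ($k) { $opts[$k] = $v }
        }
        [pscustomobject]@{
            UncPath                     = $name
            RequireMutualAuthentication = $opts['RequireMutualAuthentication']
            MutualAuthDisabled          = ($opts['RequireMutualAuthentication'] -eq '0')
            RawValue                    = $raw
        }
    }
}

# Replace the placeholders with your server's short name and FQDN.
Set-MutualAuthException -Server 'ucsserver', 'ucsserver.fqdn'

# Review the result: only the server names you set should show MutualAuthDisabled = True.
Get-HardenedPathEntry | Sort-Object UncPath | Format-Table -AutoSize
```

Running only Get-HardenedPathEntry on a client after a GPO rollout shows what the policy actually delivered without changing anything.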
