CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.5.14Network Provider

This section contains recommendations for Network Provider settings.

This Group Policy section is provided by the Group Policy template NetworkProvider.admx/adml that is included with the MS15-011 / MSKB 3000483 security update and the Microsoft Windows 10 RTM (Release 1507) Administrative Templates (or newer). 18.5.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This policy setting configures secure access to UNC paths.

The recommended state for this setting is: Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares . Note: If the environment exclusively contains Windows 8.0 / Server 2012 (non-R2) or newer systems, then the " Privacy " setting may (optionally) also be set to enable SMB encryption. However, using SMB encryption will render the targeted share paths completely inaccessible by older OSes, so only use this additional option with caution and thorough testing.

589 | P a g e