Universal Policy Administrator Documentation
Troubleshooting
Trouble Connecting to Untrusted Domains
If you are having problems connecting to Untrusted Domains, please confirm:
- DNS connectivity between your Trusted and Untrusted Domains
- UPA has access to SYSVOL on the Untrusted Domains
On the machine where UPA is installed, Hardened UNC Paths must be configured for \\<UntrustedDomainName>\SYSVOL with RequireMutualAuthentication=0, RequireIntegrity=0, RequirePrivacy=0. Use one of the options below.
Option 1 – Using Local Group Policy Editor
- On the machine where UPA is installed, run gpedit.msc.
- Navigate to:
Computer Configuration → Administrative Templates → Network → Network Provider → Hardened UNC Paths
- Open Hardened UNC Paths, set the policy to Enabled, click Show, and add:
- Value name: \\<UntrustedDomainName>\SYSVOL
- Value: RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0
- Apply and close the editor.
Option 2 – Using Group Policy Management Console (GPMC)
- Open Group Policy Management Console.
- Navigate to an existing GPO or create a new one.
- Go to: Computer Configuration → Administrative Templates → Network → Network Provider.
- Locate and open Hardened UNC Paths.
- Set the policy to Enabled.
- Click Show next to the UNC paths field.
- Add a new entry:
- Value name: \\<UntrustedDomainName>\SYSVOL
- Value: RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0
- Apply and close the editor.
Alternative: Direct Registry Configuration
For direct registry modification:
- Path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
- Value Name: \\<UntrustedDomainName>\SYSVOL
- Type: REG_SZ
- Data: RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0
Verification
- Run gpupdate /force on the machine where UPA is installed.
- Confirm the registry entry exists at the specified path.
- Run gpresult /r to verify that the policy is applied.
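One way to script the "confirm the registry entry exists" step, as an added example that is not part of the UPA documentation. It reads the HardenedPaths key named above and compares the entry with the documented values; `untrusted.example` is a placeholder domain name and `ConvertFrom-HardenedPathData` is a helper defined only for this example.

```powershell
# Added example, not from the UPA documentation.
# 'untrusted.example' is a placeholder; pass your untrusted domain's DNS name.
param([string]$UntrustedDomainName = 'untrusted.example')

$keyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$valueName = "\\$UntrustedDomainName\SYSVOL"
$expected  = [ordered]@{
    RequireMutualAuthentication = '0'
    RequireIntegrity            = '0'
    RequirePrivacy              = '0'
}

function ConvertFrom-HardenedPathData {
    # Turns "A=0, B=1" into a hashtable (keys are case-insensitive).
    param([string]$Data)
    $settings = @{}
    foreach ($pair in ($Data -split ',')) {
        $name, $value = $pair -split '=', 2
        if ($name.Trim()) { $settings[$name.Trim()] = "$value".Trim() }
    }
    return $settings
}

if (-not (Test-Path -LiteralPath $keyPath)) {
    Write-Warning "HardenedPaths key not found; the policy has not been applied."
    exit 1
}
$key  = Get-Item -LiteralPath $keyPath
# Read through the RegistryKey object: value names are not paths, so the
# backslashes (and any '*' in other entries) are taken literally.
$data = $key.GetValue($valueName)
if ($null -eq $data) {
    Write-Warning "No value named $valueName under $keyPath."
    exit 1
}

$actual = ConvertFrom-HardenedPathData -Data $data
$ok = $true
foreach ($setting in $expected.Keys) {
    if ($actual[$setting] -ne $expected[$setting]) {
        Write-Warning "$setting is '$($actual[$setting])', expected '$($expected[$setting])'."
        $ok = $false
    }
}

# List every hardened path so the relaxed entry can be compared with the rest.
$key.GetValueNames() | ForEach-Object {
    [pscustomobject]@{ UncPath = $_; Settings = $key.GetValue($_) }
}
if (-not $ok) { exit 1 }
```

Run it from an elevated PowerShell prompt after gpupdate /force. The listing at the end shows whether the relaxed settings apply only to the untrusted domain's SYSVOL entry or to other UNC paths as well.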
