scipag / HardeningKitty

HardeningKitty - Checks and hardens your Windows configuration
MIT License

question #42

Closed hangookfreak closed 1 year ago

hangookfreak commented 1 year ago

I have this setup on a multitude of computers, but we are running into issues with certain SMB network drives connecting.

0x6d69636b commented 1 year ago

I need the following information to help you:

  1. Did it work before you used HailMary mode?
  2. Which finding list(s) did you use?
  3. On what system did you run HailMary (server and/or client)?
  4. How do you mount the share (command)?

hangookfreak commented 1 year ago

It does work without it, as we have some computers that run it where we haven't put HK on yet. 22H2, client side. I have tried manually mounting as well as a batch file.

0x6d69636b commented 1 year ago

As CIS, Microsoft Security Baseline and 0x6d69636b Windows 10 are lists for 22H2, please be more specific

hangookfreak commented 1 year ago

finding_list_msft_security_baseline_windows_10_22h2_user.csv

hangookfreak commented 1 year ago

Sorry, the machine one.

hangookfreak commented 1 year ago

The weird thing is that one other network drive that we map is able to connect. We are able to ping the drive that doesn't connect as well, but it won't connect. Nothing within Event Viewer.

0x6d69636b commented 1 year ago

Okay, let's see. You only did the hardening on the client, not on the server. How is the authentication done, local user or domain users, over Kerberos or NTLM? Is the server also Windows or an older system? Do you rely on stored passwords?

hangookfreak commented 1 year ago

Nothing is done server side. Authentication is done by using a local account on the server. No domain. Server is also Windows. Most likely an older system.

0x6d69636b commented 1 year ago

It may be NTLM related, try Microsoft network client: Digitally sign communications (always), Network security: LAN Manager authentication level, and/or Network security: Minimum session security for NTLM SSP based (including secure RPC)

hangookfreak commented 1 year ago

Let me check those.

hangookfreak commented 1 year ago

None of those worked. Additionally, SMB 1 was turned on as well.

0x6d69636b commented 1 year ago

Did you check Configure SMB v1 client driver as well?
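
The settings named in this thread (SMB client signing, LAN Manager authentication level, NTLM SSP minimum session security, SMBv1 client driver) can be read back from the client registry and compared between a hardened machine and one that still connects. This is an added example, not part of the thread or of HardeningKitty; the registry locations are the standard Windows ones for these policies, and the helper name `Get-SettingNote` is hypothetical:

```powershell
# Added example (not HardeningKitty code). Read-only: reports the client-side values
# behind the four settings discussed above so two machines can be compared.
$checks = @(
    @{ Name  = 'Microsoft network client: Digitally sign communications (always)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Value = 'RequireSecuritySignature' },
    @{ Name  = 'Network security: LAN Manager authentication level'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Value = 'LmCompatibilityLevel' },
    @{ Name  = 'Network security: Minimum session security for NTLM SSP (clients)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
       Value = 'NtlmMinClientSec' },
    @{ Name  = 'Configure SMB v1 client driver'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10'
       Value = 'Start' }
)

# Hypothetical helper: turns the raw registry data into a short interpretation.
function Get-SettingNote($valueName, $data) {
    if ($null -eq $data) { return 'not set (OS default applies)' }
    switch ($valueName) {
        'RequireSecuritySignature' { if ($data -eq 1) { 'signing required' } else { 'signing not required' } }
        'LmCompatibilityLevel'     { if ($data -ge 3) { 'client sends NTLMv2 only' } else { 'client may send LM or NTLM' } }
        'NtlmMinClientSec' {
            $flags = @()
            if ($data -band 0x00080000) { $flags += 'NTLMv2 session security' }
            if ($data -band 0x20000000) { $flags += '128-bit encryption' }
            if ($flags) { 'requires ' + ($flags -join ' + ') } else { 'no minimum' }
        }
        'Start' { if ($data -eq 4) { 'SMBv1 client driver disabled' } else { 'SMBv1 client driver enabled' } }
    }
}

$results = foreach ($c in $checks) {
    # A missing key or value is reported as "not set" rather than raising an error.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    $data = if ($item) { $item.($c.Value) } else { $null }
    [pscustomobject]@{
        Setting = $c.Name
        Data    = $data
        Note    = Get-SettingNote $c.Value $data
    }
}
$results | Format-List
```

Running it on a hardened client and on one of the machines that still mounts the share shows which of these values actually differ between the two.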

hangookfreak commented 1 year ago

Yup. I've checked all SMB settings, all Lanman settings, all RPC settings.

hangookfreak commented 1 year ago

Any other ideas on what it can be? Does this HK script also change anything in group policy or security policies?

hangookfreak commented 1 year ago

Do you think it would have to do anything with like account impersonation or anything account related rather than network?

0x6d69636b commented 1 year ago

No, HardeningKitty does not/cannot change group policies. If a policy is applied, any changes made by HardeningKitty will be overwritten. The account settings are for the local system and should not change the behaviour of the remote system. Sorry, I ran out of ideas what could be causing this problem.

hangookfreak commented 1 year ago

No worries. Thank you.