I’ve been doing quite a bit of reading on the KB3000483 update and subsequent GPO deployment. What isn’t clear to me (and I can’t find an answer online) is if the update must first be deployed to both servers and clients for the security to work. That is, if the update has been installed on our domain controllers and we harden the UNC path\\*\sysvol for mutual authentication and integrity, will only clients that have the update installed be able to access files in the sysvol? And does that mean clients that donot have the update installed will not be able to access the sysvol directory?
Next question is where must the UNC hardening GPO be applied? Does it have to apply to both serverand client, clients only or severs only? I realize the guidance on KB3000483 describes linking the GPO at the domain level but is that just because it's easy and comprehensive in that it applies to all domain computer objects (assuming policy is not blocked at a lower level.)
-- Jason