Introduction to Windows 11 2025 Update
In September 2023, Microsoft launched the Windows 11 2025 update, designated as version 25H2. This significant rollout is now available for users on both Windows 11 and Windows 10 systems that meet the compatibility requirements.
Enhancements for IT Administrators
Following the update, Microsoft unveiled a series of valuable announcements tailored for office and enterprise environments. Notably, the company disclosed a comprehensive list of 36 new settings designed for IT administrators. These settings allow for efficient management and deployment of various features on enterprise-managed Windows 11 25H2 installations, enhancing operational efficiency and control.
Considerations for IT Admins
For IT professionals intending to deploy Windows 11 25H2 in their environments, it is crucial to determine the timing of installation, particularly if hotpatching is necessary. This insight is imperative to ensure smooth transitions and maintain system integrity.
Authentication Changes and Implications
Another pivotal modification impacting both enterprise and home users of Windows 11 25H2 is the alteration in authentication protocols. Microsoft has specified that it will no longer support NTLM and Kerberos authentication for devices with duplicate computer Security Identifiers (SIDs). The change also applies to Windows 11 24H2, because the two versions share a common servicing branch and codebase.
Identifying Related Issues
Users may encounter several issues as a result of this enforcement, particularly concerning access to shared resources. Common problems include:
- Frequent prompts for user credentials.
- Authentication failures despite valid credentials, leading to on-screen errors such as:
  - “Login attempt failed.”
  - “Login failed/your credentials didn’t work.”
  - “There is a partial mismatch in the machine ID.”
  - “The username or password is incorrect.”
- Inaccessibility of shared network folders via IP address or hostname.
- Failed Remote Desktop connections, including Remote Desktop Protocol (RDP) sessions initiated through Privileged Access Management (PAM) or third-party applications.
- Access denied errors when utilizing Failover Clustering.
- Error messages in Event Viewer, such as:
  - SEC_E_NO_CREDENTIALS in the Security log.
  - Event ID 6167 in the System log, reported by the Local Security Authority Server Service (lsasrv.dll), indicating a partial mismatch in the machine ID.
The Reason Behind the Changes
This security measure aims to thwart unauthorized access to sensitive files that may have been vulnerable on systems with duplicated SIDs. To address these issues, Microsoft recommends utilizing Sysprep, a built-in Windows tool, to guarantee the uniqueness of SIDs during OS cloning and duplication processes for Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025.
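To find which cloned machines are affected before re-imaging them, the following PowerShell is an added example, not code from Microsoft or from the original article. It reads the local machine SID and any Event ID 6167 entries, then flags SIDs shared by several hosts. The function names are hypothetical, the sample hosts and SIDs are constructed, and the script assumes the machine SID can be taken as the domain portion of a local account SID.

```powershell
# Added example (not Microsoft's tooling); function names are hypothetical.

function Get-MachineSidReport {
    # Assumption: the machine SID is the domain part of any local account SID,
    # i.e. the account SID without its trailing RID.
    $sid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid.Value

    # Event ID 6167 in the System log is the LSA event the article cites.
    $filter = @{ LogName = 'System'; Id = 6167 }
    $hits = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        MachineSid   = $sid
        Event6167    = $hits.Count
        LastSeen     = ($hits | Select-Object -First 1).TimeCreated
    }
}

function Find-DuplicateMachineSid {
    # Groups per-host reports by machine SID and returns only the SIDs shared
    # by more than one host; those hosts came from a non-generalized image.
    param([Parameter(Mandatory)][object[]]$Report)

    $Report | Group-Object -Property MachineSid |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Hosts      = ($_.Group.ComputerName | Sort-Object) -join ', '
            }
        }
}

# Constructed sample inventory: hypothetical hosts and SIDs, standing in for
# reports gathered from each machine with Get-MachineSidReport.
$sample = @(
    [pscustomobject]@{ ComputerName = 'WS-001'; MachineSid = 'S-1-5-21-1111111111-2222222222-3333333333' }
    [pscustomobject]@{ ComputerName = 'WS-002'; MachineSid = 'S-1-5-21-1111111111-2222222222-3333333333' }
    [pscustomobject]@{ ComputerName = 'WS-003'; MachineSid = 'S-1-5-21-4444444444-5555555555-6666666666' }
)

# List the SIDs that appear on more than one host in the sample inventory.
Find-DuplicateMachineSid -Report $sample | Format-Table -AutoSize

# Show this machine's own SID and its recent Event ID 6167 count.
Get-MachineSidReport | Format-List
```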
How Sysprep Works
Sysprep is instrumental in “generalizing” a Windows image, effectively eliminating duplicate SIDs and specific PC-related information during installations. For in-depth guidance, users can consult the support article KB5070568 on Microsoft’s official website.