Hardening administrative actions - issues with Kerberos and HTML if machines are cloned without Sysprep Microsoft's [Windows IT Pro Blog](https://techcommunity.microsoft.com/category/windows/blog/windows-itpro-blog) (worth a subscribe) recently posted this article with some details of security hardening changes that took place in the August / September 2025 security updates: [https://techcommunity.microsoft.com/blog/windows-itpro-blog/hardening-administrative-actions-what-it-pros-need-to-know/4503956](https://techcommunity.microsoft.com/blog/windows-itpro-blog/hardening-administrative-actions-what-it-pros-need-to-know/4503956) There's a lot of detail but the long and short of it is - if you're cloning devices without Sysprep, you really shouldn't be (duh!) - and you need to rebuild all devices that were done so, before the end of 2027. Otherwise you'll see various Kerberos and NTLM authentication failures.…