RestrictRemoteSAM is applied but is not working

Jadan, Andres 0 Reputation points
2024-01-15T17:44:24.12+00:00

In our organization we have applied the "Network access: Restrict clients allowed to make remote calls to SAM" security policy via GPO on all of our Windows 10 and Windows 11 workstations, as described in the CIS hardening guide. But remote calls to SAM are still allowed for any user in the domain. We are testing this with a pentesting tool from the Kali suite and the command line: net user /domain

1 answer

  1. Daisy Zhou 29,471 Reputation points Microsoft Vendor
    2024-01-16T08:54:46.5066667+00:00

    Hello Jadan, Andres,

    Thank you for posting in the Q&A forum. You can check the following to ensure the policy is configured and applied successfully:

    1. Have you run "gpupdate /force" on the client computer to immediately apply policy changes after configuring the Group Policy Objects (GPOs)?

       To check Computer Configuration within gpresult, follow the steps below. Log on to the machine using an administrator account. Open CMD (run as Administrator). Type gpresult /h C:\gpo.html and press Enter. Open gpo.html and check the GPO setting under "Computer Details".

    2. Reconfirm that the security setting is configured with the correct values: specify the user accounts or groups that are allowed to make remote calls to SAM.

    3. Ensure that the GPO is linked to the correct organizational unit (OU) in Active Directory, the one where the target workstation is located. This policy applies to computers, so make sure the objects in that OU are computers rather than users.

    4. View the logs in Event Viewer and search for entries related to Group Policy application errors or conflicts.

    I hope the information above is helpful. If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

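Two things worth adding to the checklist above, as an editorial note rather than part of either post. First, this setting restricts remote SAM-R calls made *to* the machine it is applied on; `net user /domain` is answered by a domain controller, so a GPO scoped to workstation OUs cannot affect it. To test the workstation hardening, point the enumeration tool at a workstation's hostname (for example `rpcclient -U 'DOMAIN\user%pass' //WS-01 -c enumdomusers`, run as a domain user who is not a local administrator on that host). Second, the setting has an audit-only companion value: when it is on, the OS logs the call and then allows it, which looks exactly like "applied but not working". The script below is an added example, not code from the original question or answer. It assumes it is run elevated on a workstation in scope for the GPO, and it reads the registry values the policy writes under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` plus the SAM server's events in the System log.

```powershell
<#
  Added example (not from the original post): confirm what RestrictRemoteSam is
  actually in force on this workstation, who it grants, whether audit-only mode
  is defeating it, and whether any remote SAM calls have been denied.
  Run elevated on a workstation that should be covered by the GPO.
#>

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$lsa    = Get-ItemProperty -Path $lsaKey

# 1. The GPO setting is written here as an SDDL string (the documented default
#    is O:BAG:BAD:(A;;RC;;;BA), i.e. Administrators only). If the value is absent,
#    the GPO has not been applied to this machine at all.
$sddl = $lsa.RestrictRemoteSam
if (-not $sddl) {
    Write-Warning 'RestrictRemoteSam is not set: the GPO has not landed on this machine.'
} else {
    "Configured SDDL: $sddl"
    # Decode the DACL so you can see exactly which principals are granted RC
    # (READ_CONTROL, 0x20000), the right the SAM server checks for remote connections.
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $who = $(try   { $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
                 catch { $ace.SecurityIdentifier.Value })
        '{0,-14} {1,-40} mask=0x{2:X}' -f $ace.AceType, $who, $ace.AccessMask
    }
}

# 2. Audit-only mode: calls are logged but still allowed. A hardening baseline that
#    leaves this at 1 produces exactly the "applied but not enforcing" symptom.
if ($lsa.RestrictRemoteSamAuditOnlyMode -eq 1) {
    Write-Warning 'RestrictRemoteSamAuditOnlyMode = 1: remote SAM calls are logged but NOT blocked.'
}

# 3. The SAM server logs to the System log (source Directory-Services-SAM):
#    16962 / 16963 = descriptor in effect (OS default / configured value),
#    16964        = configured SDDL is malformed, default applied instead,
#    16965        = a remote call was denied (includes caller SID and network address).
#    No 16965 after a test from the Kali box means the call never reached this
#    host's SAM, or was allowed.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Directory-Services-SAM'
    Id           = 16962, 16963, 16964, 16965
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap
```

If step 1 prints a DACL that grants RC only to BUILTIN\Administrators, audit-only mode is off, and a non-admin domain user can still enumerate accounts against this host with `enumdomusers`, check the System log for 16964 (a typo in the SDDL silently falls back to the default descriptor) and re-run the enumeration against the workstation rather than the domain.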