Policy types

Sakura434 1 Reputation point
2021-06-08T01:58:14.687+00:00

I have DC 2016 and Win10 v1909/20H and 2004.
I'm doing hardening for Win10 policy; however, some of the policies are not configured in Security Options, but patches are updated.

Domain member: Digitally encrypt or sign secure channel data (always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Disable machine account password changes
Network access: Restrict clients allowed to make remote calls to SAM -----> What happens if I configure these on both server and client?

Thanks


1 answer

  1. Daisy Zhou 22,716 Reputation points Microsoft Vendor
    2021-06-08T09:50:12.973+00:00

    Hello @Sakura434 ,

    Thank you for posting here.

    I have checked a 2016 DC in my lab.

    By default, the following settings are not defined in Default Domain Policy.

    Domain member: Digitally encrypt or sign secure channel data (always)==>Not defined
    Domain member: Digitally encrypt secure channel data (when possible)==>Not defined
    Domain member: Digitally sign secure channel data (when possible)==>Not defined
    Domain member: Disable machine account password changes==>Not defined
    Network access: Restrict clients allowed to make remote calls to SAM==>Not defined

    The following settings are not defined in the Default Domain Controller Policy, except the first setting.

    Domain member: Digitally encrypt or sign secure channel data (always)==>Enabled
    Domain member: Digitally encrypt secure channel data (when possible)==>Not defined
    Domain member: Digitally sign secure channel data (when possible)==>Not defined
    Domain member: Disable machine account password changes==>Not defined
    Network access: Restrict clients allowed to make remote calls to SAM==>Not defined

    Q: Network access: Restrict clients allowed to make remote calls to SAM ----- >what happened if configure these both server and client
    A: If the policy is defined, admin tools, scripts and software that formerly enumerated users, groups and group membership may fail.

    For more information, please refer to link below.
    Network access: Restrict clients allowed to make remote calls to SAM
    https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

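The settings discussed in this thread can be checked on an individual machine by reading the registry values that back them. The script below is an added example, not part of the original question or answer; the registry value names are the documented ones for these policies and do not appear in the thread, and the function names `ConvertFrom-RemoteSamSddl` and `Get-SecurityOptionState` are hypothetical.

```powershell
# Added example: report the registry values behind the Security Options from this thread.
# Value names are the documented backing values for these policies (not from the thread).
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$settings = @(
    @{ Policy = 'Domain member: Digitally encrypt or sign secure channel data (always)'; Path = $netlogon; Name = 'RequireSignOrSeal' }
    @{ Policy = 'Domain member: Digitally encrypt secure channel data (when possible)';  Path = $netlogon; Name = 'SealSecureChannel' }
    @{ Policy = 'Domain member: Digitally sign secure channel data (when possible)';     Path = $netlogon; Name = 'SignSecureChannel' }
    @{ Policy = 'Domain member: Disable machine account password changes';               Path = $netlogon; Name = 'DisablePasswordChange' }
    @{ Policy = 'Network access: Restrict clients allowed to make remote calls to SAM';  Path = $lsa;      Name = 'RestrictRemoteSAM' }
    # Audit-only switch described in the Microsoft article linked in the answer.
    @{ Policy = 'Remote SAM restriction: audit-only mode';                               Path = $lsa;      Name = 'RestrictRemoteSamAuditOnlyMode' }
)

# Turn the SDDL string stored in RestrictRemoteSAM into "AceType: account" entries.
function ConvertFrom-RemoteSamSddl {
    param([string]$Sddl)
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        # Fall back to the raw SID when it cannot be resolved to an account name.
        $who = try { $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { "$sid" }
        '{0}: {1}' -f $ace.AceType, $who
    }
}

function Get-SecurityOptionState {
    param([hashtable[]]$Settings)
    foreach ($s in $Settings) {
        $item = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
        $raw  = if ($null -ne $item) { $item.($s.Name) } else { $null }
        $state = if ($null -eq $raw) {
            'value not present'
        } elseif ($s.Name -eq 'RestrictRemoteSAM') {
            # REG_SZ holding a security descriptor: list who may make remote SAM calls.
            if ([string]::IsNullOrEmpty($raw)) { 'empty' }
            else { try { (ConvertFrom-RemoteSamSddl $raw) -join '; ' } catch { 'unparseable SDDL' } }
        } elseif ($raw -eq 1) { 'Enabled' } else { 'Disabled' }
        [pscustomobject]@{ Policy = $s.Policy; Value = $s.Name; Raw = $raw; State = $state }
    }
}

Get-SecurityOptionState -Settings $settings | Format-Table -AutoSize -Wrap
```

The registry shows only the effective value; a value delivered by a GPO and a local default look the same here, so use `gpresult` to see which GPO, if any, set it.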
