question

WojD4909 avatar image
0 Votes"
WojD4909 asked asraf commented

Network access: Restrict clients allowed to make remote calls to SAM

I have Domain Controller Windows 2012 R2, Recently I wanted to configure Policy which I have seen in my Windows 2016/19
Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network access: Restrict clients allowed to make remote calls to SAM".
Unfortunately in Windows 2012 and my ADMX files from windows 10 1903, I can't configure this setting. I have checked the newest ADMX files in internet, and I also havent found this in newest ADMX files
https://www.microsoft.com/en-us/download/101451

Can somebody help me with that?

windows-group-policywindows-server-2012
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

WojD4909 avatar image
0 Votes"
WojD4909 answered asraf commented

You can.
On Win2012 :
Right Click needed Policy->Back up...

Copy "backup" policy files From Windows 2012 to Windows 2016

On Win2016 :
Create empty policy->Right click Import Settings->Choose "backup" policy from Windows2012-> next next next
Modify "Network access: Restrict clients allowed to make remote calls to SAM" Setting
Right click ->Back up... Modified policy

Copy Modified Backup policy from Windows 2016 to Windows2012

Win2012:
Create Empty Policy
Import Modified Backup policy from Windows 2016


I hope it is clear.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

this didnt help
Any idea how to resolve this issue?

0 Votes 0 ·

For me it was working like that. Until Microsoft will not add this option to admx files probably there will be no other option.

0 Votes 0 ·

Can you please attach the exported one from 2016 here? So that I will try to import it to 2012 server

0 Votes 0 ·
FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,
Based on my understanding , this is not related to the ADMX files .

The setting was first supported by Windows 10 version 1607 and Windows Server 2016 (RTM) and can be configured on earlier Windows client and server operating systems by installing updates from the KB articles listed following:
Windows Server 2012 R2 with KB 4012219 installed
Windows Server 2012 with KB 4012220 installed

Then try to configure it again.
Following link for your reference:

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls
Best Regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

WojD4909 avatar image
0 Votes"
WojD4909 answered FanFan-MSFT commented

Hi

Thank you for your answer, I have checked, and it looks like it doesn't work. The KB4012219 cant be installed. I have checked also prerequisites, and i have mentioned KB installed.

68592-1.png



I always thought that when you have ADMX store, all Group policy definitions are controlled by ADMX, but I might be wrong.


1.png (111.9 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Yes, the ADMX files are related to the policies under the administrative templates as following:
68867-2171.jpg

For now, the lab is temporarily invisible duration of the maintenance ,I will do a test in my lab and update here once the lab can be used again!

Best Regards,


0 Votes 0 ·
2171.jpg (26.2 KiB)
learningmandan avatar image
0 Votes"
learningmandan answered

Did anyone get an answer on this I am seeing same issue?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

WojD4909 avatar image
0 Votes"
WojD4909 answered

I have done a workaround I have configured the policy in Test Domain Controller Windows 2016, and export it to Windows 2012 DCs, it is working like that. I haven't found any other possibility. Maybe it should be reported to Microsoft.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

learningmandan avatar image
0 Votes"
learningmandan answered

I did not know you could export policies to a downlevel DC

Was that difficult to do?

I will look into this thanks?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.