question

JackG-2000 avatar image
0 Votes"
JackG-2000 asked JackG-2000 edited

Prevent password changes via SAMR

Per the link below, blocking port Kerberos change-password protocol, port 464, should block password changes, but I see it's now using SAMR (port 445) instead of Kerberos change-password protocol. Is there away to block password changes via SAMR? I don't think blocking port 445 would be ideal. I can block SAMR via policy below, but not sure if this is ideal as well, i.e. any additional unexpected impact? Basically the request is to block VPN users from changing their password when connect to the remote access VPN....

Policy Name: Network access - Restrict clients allowed to make remote calls to SAM
Location: Computer configuration, Windows settings, Security settings, Local policies, Security options

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/password-change-mechanisms

windows-serverwindows-server-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers