CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (Scored)

Profile Applicability:

Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This policy setting allows you to restrict remote RPC connections to SAM.

The recommended state for this setting is: Administrators: Remote Access: Allow.

Note: A Windows 10 R1607, Server 2016 or newer OS is required to access and set this value in Group Policy.

Rationale:

This setting ensures that an unauthorized user cannot anonymously list local account names or groups and use that information to attempt to guess passwords or perform social engineering attacks. (Social engineering attacks try to deceive users in some way to obtain passwords or some form of security information.)

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa:restrictremotesam
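An added example, not part of the CIS benchmark text: a PowerShell check of the registry value above that parses the stored security descriptor instead of comparing strings. It assumes the value is stored as an SDDL string and that 'Administrators: Remote Access: Allow' corresponds to O:BAG:BAD:(A;;RC;;;BA), as Microsoft documents for this setting; the function name Test-RestrictRemoteSam and the sample strings are constructed for illustration.

```powershell
# Added audit example (not from the benchmark). Run in an elevated session on Windows.
$LsaKey      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName   = 'RestrictRemoteSAM'
$AdminsSid   = 'S-1-5-32-544'   # BUILTIN\Administrators (BA in SDDL)
$ReadControl = 0x00020000       # RC in SDDL, shown as "Remote Access" in the GP editor

function Test-RestrictRemoteSam {
    # Returns $true only when the DACL holds exactly one ACE:
    # Allow, BUILTIN\Administrators, READ_CONTROL (assumed compliant form).
    param([string]$Sddl)
    if ([string]::IsNullOrWhiteSpace($Sddl)) { return $false }
    try {
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    } catch {
        return $false           # malformed SDDL is treated as non-compliant
    }
    $dacl = $sd.DiscretionaryAcl
    if ($null -eq $dacl -or $dacl.Count -ne 1) { return $false }
    $ace = $dacl[0]
    return ($ace -is [System.Security.AccessControl.CommonAce]) -and
           ($ace.AceQualifier -eq 'AccessAllowed') -and
           ($ace.SecurityIdentifier.Value -eq $AdminsSid) -and
           ($ace.AccessMask -eq $ReadControl)
}

# Constructed sample inputs to show what the check accepts and rejects.
$samples = [ordered]@{
    'O:BAG:BAD:(A;;RC;;;BA)'             = 'admins only'
    'O:BAG:BAD:(A;;RC;;;BA)(A;;RC;;;WD)' = 'admins plus Everyone'
    'O:BAG:BAD:(A;;RC;;;AU)'             = 'Authenticated Users'
}
foreach ($s in $samples.Keys) {
    '{0,-22} {1,-38} compliant={2}' -f $samples[$s], $s, (Test-RestrictRemoteSam $s)
}

# Live check against the registry location named in the Audit section.
$current = (Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
if ($null -eq $current) {
    "$ValueName is not set in the registry; confirm the policy through the UI path."
} else {
    "Current value: $current  compliant=$(Test-RestrictRemoteSam $current)"
}
```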

Remediation:

To establish the recommended configuration via GP, set the following UI path to Administrators: Remote Access: Allow:

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Restrict clients allowed to make remote calls to SAM

Impact:

None - this is the default behavior.
