Correction to what the Security Compliance Toolkit says #674
Comments
batamig
added
the
backlog-item-created
|
Thank you for your comment. We'll investigate and get back to you. |
|
To save you some time: ask Rick Munck. He's in the GAL. |
|
Thanks @AaronMargosis! I've confirmed this update and changes should be going in shortly. |
|
When will the changes be made, and what will the changes be? The text is still incorrect. |
|
Hi @AaronMargosis, the updated text reads The Microsoft Security Compliance Toolkit recommends replacing the default Everyone with Authenticated Users to prevent anonymous connections from performing network sign-ins. Review your local policy settings before managing the Access this computer from the network setting from a GPO, and consider including Authenticated Users in the GPO if needed. Please feel free to reopen this issue if there's something still missing. |
|
I don't see a way for me to reopen this issue, but the text is still incorrect. Per what I wrote when I first opened this issue, the SCT recommends against granting the logon right to Authenticated Users: "But for Win10/11, it's only Administrators + Remote Desktop Users." |
|
Thanks! I reopened and will take this back to investigate. |
What this page says about the MS Security Compliance Toolkit recommendation for the "Access this computer from the network" user rights assignment is incorrect. The SCT recommends different values for Windows 10/11 from Windows Server.
For Windows Server (non-DC), it recommends Administrators + Authenticated Users, as this page says.
For Windows Server (DC), it recommends Administrators + Authenticated Users + Enterprise Domain Controllers.
But for Win10/11, it's only Administrators + Remote Desktop Users.
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: