
Correction to what the Security Compliance Toolkit says

Open AaronMargosis opened this issue 1 year ago • 7 comments

What this page says about the MS Security Compliance Toolkit recommendation for the "Access this computer from the network" user rights assignment is incorrect. The SCT recommends different values for Windows 10/11 from Windows Server. For Windows Server (non-DC), it recommends Administrators + Authenticated Users, as this page says. For Windows Server (DC), it recommends Administrators + Authenticated Users + Enterprise Domain Controllers. But for Win10/11, it's only Administrators + Remote Desktop Users.



AaronMargosis avatar Feb 15 '24 16:02 AaronMargosis

Thank you for your comment. We'll investigate and get back to you.

batamig avatar Feb 29 '24 16:02 batamig

To save you some time: ask Rick Munck. He's in the GAL.

AaronMargosis avatar Mar 01 '24 04:03 AaronMargosis

Thanks @AaronMargosis! I've confirmed this update and changes should be going in shortly. I'm going to close this for now, but please feel free to continue commenting if you have more feedback. We appreciate your contribution to docs! #please-close

batamig avatar Mar 14 '24 13:03 batamig

When will the changes be made, and what will the changes be? The text is still incorrect.

AaronMargosis avatar Mar 23 '24 17:03 AaronMargosis

Hi @AaronMargosis, the updated text reads:

The Microsoft Security Compliance Toolkit recommends replacing the default Everyone with Authenticated Users to prevent anonymous connections from performing network sign-ins. Review your local policy settings before managing the Access this computer from the network setting from a GPO, and consider including Authenticated Users in the GPO if needed.

Please feel free to reopen this issue if there's something still missing.

batamig avatar Apr 15 '24 17:04 batamig

I don't see a way for me to reopen this issue, but the text is still incorrect. Per what I wrote when I first opened this issue, the SCT recommends against granting the logon right to Authenticated Users: "But for Win10/11, it's only Administrators + Remote Desktop Users."

AaronMargosis avatar Apr 18 '24 17:04 AaronMargosis

Thanks! I reopened and will take this back to investigate.

batamig avatar Apr 18 '24 17:04 batamig
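
Added example (not part of the issue thread, the documentation page, or the Security Compliance Toolkit): a Python check that reads the `SeNetworkLogonRight` line from a `secedit /export /areas USER_RIGHTS` file and compares it with the per-role values quoted in the opening post of this issue. The role labels, function names, and sample export are assumptions made for illustration; the expected sets are taken from that post, not from the SCT baselines themselves.

```python
# Added example: audit "Access this computer from the network" per machine role.
# Well-known SIDs mapped to display names for readable output.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-9": "Enterprise Domain Controllers",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-32-551": "Backup Operators",
    "S-1-5-32-555": "Remote Desktop Users",
}
# Per-role values as stated in the opening post (role labels are hypothetical).
EXPECTED = {
    "client": {"S-1-5-32-544", "S-1-5-32-555"},
    "member_server": {"S-1-5-32-544", "S-1-5-11"},
    "domain_controller": {"S-1-5-32-544", "S-1-5-11", "S-1-5-9"},
}
# Constructed sample export; real export files are typically UTF-16 encoded.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
"""

def network_logon_sids(inf_text):
    """Return the principals granted SeNetworkLogonRight (empty set if absent)."""
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() == "senetworklogonright":
                # SIDs are exported with a leading '*'; account names are kept as-is.
                return {v.strip().lstrip("*") for v in value.split(",") if v.strip()}
    return set()

def _names(sids):
    return sorted(WELL_KNOWN.get(s, s) for s in sids)

def audit(inf_text, role):
    """Return (extra, missing) principals relative to EXPECTED[role]."""
    actual = network_logon_sids(inf_text)
    return _names(actual - EXPECTED[role]), _names(EXPECTED[role] - actual)
```

Comparing against the wrong role is the failure mode the thread is about: a client audited with the `member_server` set would be told to add Authenticated Users, which the opening post says is not the Windows 10/11 value.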