Forum Discussion
Azure ATP remote calls to SAM blocked RDS connection
Hi, yes, this particular GPO setting needs to be tested first before configuring it and we do mention it in our docs as it might need special configurations for applications such as RDS or Citrix for that matter
See: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls
Or Tsemah Thank you for your reply. I am aware of this article and the audit mode, however neither this or any other I've read had any direct mention of RDS incompatibility with this policy.
Seeing how RDS is a Microsoft product are there any article with recommended/best practice configuration to work with this policy, where we would not need to add all users to this policy to keep RDS working.
ehloworldio I understand what you mean
You can see other products such as exchange publish support documentation regarding this group policy for example (https://support.microsoft.com/en-us/help/4055652/access-checks-fail-because-of-authz-access-denied-error-in-windows-ser), while this doesn't answer your question, i hope that it at least make it a bit more clear to why there are caveats with this policy.
