Forum Discussion

mcliviu's avatar
mcliviu
Copper Contributor
Jan 31, 2020

Azure ATP SAM-R

Hi everyone. Context: One of the AATP prerequisites is the SAM-R GPO. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step8-samr The link above describes how the gpo...
Or Tsemah's avatar
Or Tsemah
Former Employee
Feb 03, 2020

mcliviu 

Keep in mind that unlinking the GPO does not remove it's associated registry setting defined in https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls#policy-and-registry-names and you have to remove it yourself using group policy preferences or other means (script?).

In regards to the documentation around that requirement, we will take your feedback under advisement.

 

mcliviu's avatar
mcliviu
Copper Contributor
Feb 03, 2020

Or Tsemah 

Hi,

In the documentation it says the fix is to unlink the GPO.

When the GPO is unlinked, the default settings should apply.

https://support.microsoft.com/en-us/help/4055652/access-checks-fail-because-of-authz-access-denied-error-in-windows-ser

 

Method 2: Disable the policy

Clear the RestrictRemoteSAM registry entry or remove the policy.

 

The documentation states "or", not "and"

 

If that is applied to thousands of computers, manually removal it's not an option....