# Create the Windows AD GPO

#### Step 1:&#x20;

* Log in to your domain controller and open the Group Policy Management Editor.
* Go to Computer **Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options**.

![](https://4132260347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftkp3obVDMu3n9ZTUpfEP%2Fuploads%2FgWeVdeJ5KceIgcR6KDRj%2Fimage.png?alt=media\&token=3ee4993b-26bc-47a9-bac3-9bf8e4c0ca1a)

* Select **Network access: Restrict clients allowed to make remote calls to SAM**.

![](https://4132260347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftkp3obVDMu3n9ZTUpfEP%2Fuploads%2FJ9ZkX0poAGbd7tSjAph9%2Fimage.png?alt=media\&token=badfc4f1-1f45-48ce-8c20-eb74f1732359)

#### Step 2:&#x20;

* Check the checkbox for **Define this policy setting**.&#x20;
* Select **Edit Security**.

![](https://4132260347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftkp3obVDMu3n9ZTUpfEP%2Fuploads%2FNhhnJ8OGVKJXlB47cpe2%2Fimage.png?alt=media\&token=8772b304-54ca-4366-a701-42c009cc41e0)

{% hint style="info" %}
By default, administrators will have the Remote Access setting set to allow. You can choose to edit this setting according to your organization's security policies, but for the purpose of this document, follow the steps below.
{% endhint %}

* Select the domain joined service account you created for Epiphany.
* Select **OK**.&#x20;

![](https://4132260347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftkp3obVDMu3n9ZTUpfEP%2Fuploads%2Fh9ELoPUZAXwjHLKIiDiq%2Fimage.png?alt=media\&token=127c7ea8-7111-4aa9-9010-574253ade5d2)

![](https://4132260347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftkp3obVDMu3n9ZTUpfEP%2Fuploads%2FmZIkkuVbjiviiWymS49v%2Fimage.png?alt=media\&token=e95a5df6-1fa3-4189-ba64-8370072f878b)

#### Step 3:&#x20;

* The security descriptor field will  have the new settings populated. Select **Apply.**

![](https://4132260347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftkp3obVDMu3n9ZTUpfEP%2Fuploads%2Fj2sPPdCsSRRgUO4otOcA%2Fimage.png?alt=media\&token=b4f6c648-3d32-40c9-a1c1-928cc927f1de)

#### Step 4:&#x20;

* You can verify the new settings that are displayed on the first **Group Policy Management Editor** window shown in the prior steps.

![](https://4132260347-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftkp3obVDMu3n9ZTUpfEP%2Fuploads%2FbHXFTE2mndThnUe0IaBe%2Fimage.png?alt=media\&token=478319ba-389c-4168-bf2f-c69ebb1257ad)

For further reading please refer to the Microsoft article in the [**supplemental resources**](#supplemental-resources).