Create the Windows AD GPO

Step 1:

Log in to your domain controller and open the Group Policy Management Editor.
Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

Select Network access: Restrict clients allowed to make remote calls to SAM.

Step 2:

Check the checkbox for Define this policy setting.
Select Edit Security.

By default, administrators will have the Remote Access setting set to allow. You can choose to edit this setting according to your organization's security policies, but for the purpose of this document, follow the steps below.

Select the domain joined service account you created for Epiphany.
Select OK.

Step 3:

The security descriptor field will have the new settings populated. Select Apply.

Step 4:

You can verify the new settings that are displayed on the first Group Policy Management Editor window shown in the prior steps.

For further reading please refer to the Microsoft article in the supplemental resources.

PreviousWindows AD (Legacy Version)NextSupplemental Information

Last updated 2 years ago