Configure SAM change password RPC methods policy
Supported on: At least Microsoft Windows 10 or later
Registry
Software\Microsoft\Windows\CurrentVersion\Policies\System\SAM Options
SamrChangeUserPasswordApiPolicy enum - Block all change password RPC methods
->
1 - Allow strong encryption change password RPC method only
->
2 - Allow all change password RPC methods
->
3
Description
This policy enables an administrator to configure the remote usage of change user password RPC methods in security account manager(SAM). When the policy is enabled, following options are supported: Block all change password RPC methods: block remote usage of all the security account manager(SAM) change password RPC methods. Allow strong encryption change password RPC method: allow remote use of the change password RPC method which uses strong encryption and blocks remote use of weak encryption methods. Allow all change password RPC methods: allows remote usage of all the change password RPC methods irrespetive of the encryption. Default policy: 1. Domain member computers - block all change password RPC methods. 2. Domain controllers - allow strong encryption change password RPC method. Note: If the policy is disabled or not configured, the machine will use the default policy.