Correction to what the Security Compliance Toolkit says

[AaronMargosis]

What this page says about the MS Security Compliance Toolkit recommendation for the "Access this computer from the network" user rights assignment is incorrect. The SCT recommends different values for Windows 10/11 from Windows Server.
For Windows Server (non-DC), it recommends Administrators + Authenticated Users, as this page says.
For Windows Server (DC), it recommends Administrators + Authenticated Users + Enterprise Domain Controllers.
But for Win10/11, it's only Administrators + Remote Desktop Users.

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 7e3335ba-d9e0-01f8-9cb3-b7771abe2414
• Version Independent ID: 7e3335ba-d9e0-01f8-9cb3-b7771abe2414
• Content: Configure SAM-R to enable lateral movement path detection - Microsoft Defender for Identity
• Content Source: ATPDocs/deploy/remote-calls-sam.md
• Service: microsoft-defender-for-identity
• GitHub Login: @batamig
• Microsoft Alias: bagol

[batamig]

Thank you for your comment. We'll investigate and get back to you.

[AaronMargosis]

To save you some time: ask Rick Munck. He's in the GAL.

[batamig]

Thanks @AaronMargosis! I've confirmed this update and changes should be going in shortly.
I'm going to close this for now, but please feel free to continue commenting if you have more feedback.
We appreciate your contribution to docs!
#please-close

[AaronMargosis]

When will the changes be made, and what will the changes be? The text is still incorrect.

[batamig]

Hi @AaronMargosis, the updated text reads

The Microsoft Security Compliance Toolkit recommends replacing the default Everyone with Authenticated Users to prevent anonymous connections from performing network sign-ins. Review your local policy settings before managing the Access this computer from the network setting from a GPO, and consider including Authenticated Users in the GPO if needed.

Please feel free to reopen this issue if there's something still missing.

[AaronMargosis]

I don't see a way for me to reopen this issue, but the text is still incorrect. Per what I wrote when I first opened this issue, the SCT recommends against granting the logon right to Authenticated Users: "But for Win10/11, it's only Administrators + Remote Desktop Users."

[batamig]

Thanks! I reopened and will take this back to investigate.