| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 49C6F584D4779A16D797193D1816709E6F574564 ~~~~~ 'Network access: Restrict clients allowed to make remote calls to SAM' is Configured Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: RestrictRemoteSAM Value: O:BAG:BAD:(A;;RC;;;BA) Type: REG_SZ Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 49C6F584D4779A16D797193D1816709E6F574564 ~~~~~ 'Network access: Restrict clients allowed to make remote calls to SAM' is Configured Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: RestrictRemoteSAM Value: O:BAG:BAD:(A;;RC;;;BA) Type: REG_SZ Comments |
|||||
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 49C6F584D4779A16D797193D1816709E6F574564 ~~~~~ 'Network access: Restrict clients allowed to make remote calls to SAM' is Configured Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: RestrictRemoteSAM Value: O:BAG:BAD:(A;;RC;;;BA) Type: REG_SZ Comments |
|||||
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: C0F3904C423975C11B19B4BFBF943881A50CAA13 ~~~~~ System is a 'Primary Domain Controller' so this requirement is NA. Comments |
|||||
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 49C6F584D4779A16D797193D1816709E6F574564 ~~~~~ 'Network access: Restrict clients allowed to make remote calls to SAM' is Configured Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: RestrictRemoteSAM Value: O:BAG:BAD:(A;;RC;;;BA) Type: REG_SZ Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 49C6F584D4779A16D797193D1816709E6F574564 ~~~~~ 'Network access: Restrict clients allowed to make remote calls to SAM' is Configured Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: RestrictRemoteSAM Value: O:BAG:BAD:(A;;RC;;;BA) Type: REG_SZ Comments |
|||||
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 49C6F584D4779A16D797193D1816709E6F574564 ~~~~~ 'Network access: Restrict clients allowed to make remote calls to SAM' is Configured Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: RestrictRemoteSAM Value: O:BAG:BAD:(A;;RC;;;BA) Type: REG_SZ Comments |
|||||
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 49C6F584D4779A16D797193D1816709E6F574564 ~~~~~ 'Network access: Restrict clients allowed to make remote calls to SAM' is Configured Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: RestrictRemoteSAM Value: O:BAG:BAD:(A;;RC;;;BA) Type: REG_SZ Comments |
|||||
Check Text
This applies to member servers and standalone or nondomain-joined systems. It is NA for domain controllers. If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: RestrictRemoteSAM Value Type: REG_SZ Value: O:BAG:BAD:(A;;RC;;;BA)
Fix Text
Navigate to the policy Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network access: Restrict clients allowed to make remote calls to SAM". Select "Edit Security" to configure the "Security descriptor:". Add "Administrators" in "Group or user names:" if it is not already listed (this is the default). Select "Administrators" in "Group or user names:". Select "Allow" for "Remote Access" in "Permissions for "Administrators". Click "OK". The "Security descriptor:" must be populated with "O:BAG:BAD:(A;;RC;;;BA) for the policy to be enforced.