Policy
Configure SAM change password RPC methods policy
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
This policy enables an administrator to configure the remote usage of change user password RPC methods in security account manager(SAM). When the policy is enabled, following options are supported: Block all change password RPC methods: block remote usage of all the security account manager(SAM) change password RPC methods. Allow strong encryption change password RPC method: allow remote use of the change password RPC method which uses strong encryption and blocks remote use of weak encryption methods. Allow all change password RPC methods: allows remote usage of all the change password RPC methods irrespetive of the encryption. Default policy: 1. Domain member computers - block all change password RPC methods. 2. Domain controllers - allow strong encryption change password RPC method. Note: If the policy is disabled or not configured, the machine will use the default policy.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Scope | Element | Type | Registry mapping | Constraints & behavior | Copy |
|---|---|---|---|---|---|
| Computer | Options for Sam password change RPC method policy: ID SamrChangeUserPasswordApiPolicySettings | enum | Path Software\Microsoft\Windows\CurrentVersion\Policies\System\SAM Value name SamrChangeUserPasswordApiPolicy Type REG_DWORD | Options: Block all change password RPC methods (1), Allow strong encryption change password RPC method only (2), Allow all change password RPC methods (3) |