From 6b86e2088932a2a3d48050666cf988b9b5a95bac Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 2 Aug 2021 15:43:29 +0300 Subject: [PATCH 1/2] Registry info update https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9537 --- ...n-controller-refuse-machine-account-password-changes.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md index 7a2193fd9c..60cec5d3f7 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md @@ -51,6 +51,13 @@ This policy setting enables or disables blocking a domain controller from accept Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options +The policy referenced configures the following registry value: + +Registry Hive: HKEY_LOCAL_MACHINE +Registry Path: \System\CurrentControlSet\Services\Netlogon\Parameters\ + +Value Name: RefusePasswordChange + ### Default values The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page. From 61534ecbc113da7cac2c5ca3a17dd2df586ece0c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 2 Aug 2021 09:35:58 -0700 Subject: [PATCH 2/2] Update domain-controller-refuse-machine-account-password-changes.md --- ...refuse-machine-account-password-changes.md | 27 +++++++------------ 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md index 60cec5d3f7..31325347d6 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md @@ -14,7 +14,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 ms.technology: mde --- @@ -31,17 +30,11 @@ This policy setting enables or disables blocking a domain controller from accept ### Possible values -- Enabled +- **Enabled** When enabled, this setting does not allow a domain controller to accept any changes to a machine account's password. - When enabled, this setting does not allow a domain controller to accept any changes to a machine account's password. +- **Disabled** When disabled, this setting allows a domain controller to accept any changes to a machine account's password. -- Disabled - - When disabled, this setting allows a domain controller to accept any changes to a machine account's password. - -- Not defined - - Same as Disabled. +- **Not defined** Same as Disabled. ### Best practices @@ -63,13 +56,13 @@ Value Name: RefusePasswordChange The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page. | Server type or GPO | Default value | -| - | - | -| Default Domain Policy | Not defined| -| Default Domain Controller Policy | Not defined| -| Stand-Alone Server Default Settings | Not defined| -| DC Effective Default Settings | Disabled| -| Member Server Effective Default Settings | Disabled| -| Client Computer Effective Default Settings | Not applicable| +|---|---| +| Default Domain Policy | Not defined | +| Default Domain Controller Policy | Not defined | +| Stand-Alone Server Default Settings | Not defined | +| DC Effective Default Settings | Disabled | +| Member Server Effective Default Settings | Disabled | +| Client Computer Effective Default Settings | Not applicable | ## Policy management