MC1113050: (Updated) Security hardening for Microsoft RPC Netlogon protocol

(Update: This post was updated to clarify that the change was Enabled by Default on Windows Server 2025 in May 2025 and to add information about how to configure this change.)

Microsoft has introduced a hardening change to strengthen the Microsoft RPC Netlogon protocol by blocking RPC anonymous requests used to locate domain controllers. This change was Enabled by Default in the May 2025 Windows security update for Windows Server 2025, and in the July 2025 Windows security update for all supported versions from Windows Server 2008 SP2 through Windows Server 2022. This change is configurable by policy after installing the August 2025 Windows security update. See the article, KB5066014—Netlogon RPC Hardening (CVE-2025-49716), for details.

After applying these updates and subsequent updates, Active Directory domain controllers will reject certain anonymous RPC requests. This may affect interoperability with services like Samba unless they are updated to meet the new access requirements.

To prepare for this update, review your environment for any dependencies on anonymous Netlogon RPC requests. If your organization uses Samba, refer to the Samba release notes for guidance on compatibility. It is also recommended to test the update in a staging environment to identify and address any potential disruptions before full deployment.

For more information, see the May or July KB update article that matches your server version’s security update.