I've got a Windows Server 2019 with Windows Server 2019 Security Baseline settings applied to it. Then I enable WinRM on the server and set the registry key HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy
to 1. After that WinRM works as expected.
However, after reboot the LocalAccountTokenFilterPolicy
is set back to 0. This only happens with the Security Baseline settings applied to it, not on a default Windows 2019 installation.
I traced boot process with Sysinternal's Procmon.exe and I see how the 'Group Policy Client' does set the LocalAccountTokenFilterPolicy
back to 0 on the server reboot.
How do I find out which group policy setting does change the registry setting. I can't find which group policy does influence that registry key.