Network access: Do not allow anonymous enumeration of SAM accounts and shares This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares. If you enable this policy setting, anonymous users will not be able to enumerate domain account user names and network share names on the workstations in your environment. The Network access: Do not allow anonymous enumeration of SAM accounts and shares setting is configured to Enabled for the two environments that are discussed in this guide.

[enable/disable]

(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options!Network access: Do not allow anonymous enumeration of SAM accounts and shares (2) REG: HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsa!RestrictAnonymous