[Forgot Password]
Login  Register Subscribe

23631

 
 

126998

 
 

101924

 
 

909

 
 

80911

 
 

121

Paid content will be excluded from the download.


Download | Alert*
OVAL

Network access: Do not allow anonymous enumeration of SAM accounts

ID: oval:gov.nist.usgcb.windowsseven:def:86Date: (C)2012-04-13   (M)2018-02-16
Class: COMPLIANCEFamily: windows




This security setting determines what additional permissions will be granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. This security option allows additional restrictions to be placed on anonymous connections as follows: Enabled: Do not allow enumeration of SAM accounts. This option replaces Everyone with Authenticated Users in the security permissions for resources. Disabled: No additional restrictions. Rely on default permissions. Default on workstations: Enabled. Default on server: Disabled. Important This policy has no impact on domain controllers. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa!RestrictAnonymousSAM

Platform:
Microsoft Windows 7
Reference:
CCE-9249-4
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9249-4
XCCDF    12
xccdf_org.secpod_benchmark_Windows_7
xccdf_org.secpod_benchmark_general_Windows_7
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_7
xccdf_org.secpod_benchmark_ISO27001_Windows_7
...

© 2013 SecPod Technologies