Network access: Sharing and security model for local accounts
|ID: oval:gov.nist.usgcb.windowsseven:def:95||Date: (C)2012-04-13 (M)2018-03-15|
|Class: COMPLIANCE||Family: windows|
This security setting determines how network logons that use local accounts are authenticated. If this setting is set to Classic, network logons that use local account credentials authenticate by using those credentials. The Classic model allows fine control over access to resources. By using the Classic model, you can grant different types of access to different users for the same resource.
If this setting is set to Guest only, network logons that use local accounts are automatically mapped to the Guest account. By using the Guest model, you can have all users treated equally. All users authenticate as Guest, and they all receive the same level of access to a given resource, which can be either Read-only or Modify.
Default on domain computers: Classic.
Default on stand-alone computers: Guest only
With the Guest only model, any user who can access your computer over the network (including anonymous Internet users) can access your shared resources. You must use the Windows Firewall or another similar device to protect your computer from unauthorized access. Similarly, with the Classic model, local accounts must be password protected; otherwise, those user accounts can be used by anyone to access shared system resources.
This setting does not affect interactive logons that are performed remotely by using such services as Telnet or Remote Desktop Services
Remote Desktop Services was called Terminal Services in previous versions of Windows Server.
This policy will have no impact on computers running Windows 2000.
When the computer is not joined to a domain, this setting also modifies the Sharing and Security tabs in Windows Explorer to correspond to the sharing and security model that is being used.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa!ForceGuest
|Microsoft Windows 7|