Network access: Do not allow anonymous enumeration of SAM accounts and shares
ID: oval:org.secpod.oval:def:8744 | Date: (C)2013-01-21 (M)2023-07-14 | Class: COMPLIANCE | Family: windows
The Network access: Do not allow anonymous enumeration of SAM accounts and shares setting should be configured correctly.
This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares. If you enable this policy setting, anonymous users will not be able to enumerate domain account user names and network share names on the workstations in your environment. The Network access: Do not allow anonymous enumeration of SAM accounts and shares setting is configured to Enabled for the two environments that are discussed in this guide.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares
(2) KEY: HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
Platform: Microsoft Windows Server 2008 R2