Issue
The RestrictAnonymous registry setting controls the level of enumeration granted to an anonymous user. If RestrictAnonymous is set to 0 (that is, the default setting), any user can obtain system information, including: user names and details, account policies, and share names. Anonymous users can use this information in an attack against your system. The list of user names and share names could help potential attackers identify who is an administrator, which computers have weak account protection, and which computers share information with the network.
Solution
To restrict anonymous connections from accessing this system information, change the RestrictAnonymous security settings. You can do this through the Security Configuration Manager snap-in (setting is defined in the Local Policies portion of the default security templates), or through a registry editor. You can change the registry setting from 0 to 1 in Microsoft Windows NT 4.0, or from 0 to 1 or 2 in Windows 2000:
0 - None. Rely on default permissions
1 - Do not allow enumeration of Security Accounts Manager (SAM) accounts and names
2 - No access without explicit anonymous permissions (not available on Windows NT 4.0)
The RestrictAnonymous registry setting controls the level of enumeration granted to an anonymous user. If RestrictAnonymous is set to 0 (that is, the default setting), any user can obtain system information, including: user names and details, account policies, and share names. Anonymous users can use this information in an attack against your system. The list of user names and share names could help potential attackers identify who is an administrator, which computers have weak account protection, and which computers share information with the network.
Solution
To restrict anonymous connections from accessing this system information, change the RestrictAnonymous security settings. You can do this through the Security Configuration Manager snap-in (setting is defined in the Local Policies portion of the default security templates), or through a registry editor. You can change the registry setting from 0 to 1 in Microsoft Windows NT 4.0, or from 0 to 1 or 2 in Windows 2000:
0 - None. Rely on default permissions
1 - Do not allow enumeration of Security Accounts Manager (SAM) accounts and names
2 - No access without explicit anonymous permissions (not available on Windows NT 4.0)
Facebook
Twitter