Network access: Do not allow anonymous enumeration of SAM accounts and shares
This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares. If you enable this policy setting, anonymous users will not be able to enumerate domain account user names and network share names on the workstations in your environment.
The Network access: Do not allow anonymous enumeration of SAM accounts and shares setting is configured to Enabled for the two environments that are discussed in this guide.
[enable/disable]
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Network access: Do not allow anonymous enumeration of SAM accounts and shares
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa!RestrictAnonymous
oval:org.secpod.oval:def:22941
SCAP Repo OVAL Definition
2015-01-07