Network access: Restrict anonymous access to Named Pipes and SharesID: oval:org.secpod.oval:def:56711 | Date: (C)2019-07-05 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings.
This policy setting controls null session access to shares on your computers by adding RestrictNullSessAccess with the value 1 in the HKLM\System\CurrentControlSet\Services\LanManServer\Parameters registry key. This registry value toggles null session shares on or off to control whether the server service restricts unauthenticated clients' access to named resources. Null sessions are a weakness that can be exploited through shares (including the default shares) on computers in your environment.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Network access: Restrict anonymous access to Named Pipes and Shares
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters!restrictnullsessaccess
Platform: |
Microsoft Windows Server 2019 |