2.3.11.2 (L1) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'

Information

This policy setting determines whether NTLM is allowed to fall back to a NULL session when used with LocalSystem.

The recommended state for this setting is: Disabled

NULL sessions are less secure because by definition they are unauthenticated.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled :

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback

Impact:

Any applications that require NULL sessions for LocalSystem will not work as designed.

See Also

https://workbench.cisecurity.org/benchmarks/15273

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10)

Plugin: Windows

Control ID: e0b946b95ad3be3d0b4abad8a63c28d3dc5218cd345ebf2f56947f0ade0bf09b