2.3.10.6 Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None'

Information

This policy setting determines which communication sessions, or pipes, will have attributes and permissions that allow anonymous access.

The recommended state for this setting is: <blank> (i.e. None).

Rationale:

Limiting named pipes that can be accessed anonymously will reduce the attack surface of the system.

Solution

To establish the recommended configuration via GP, set the following UI path to <blank> (i.e. None):

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Named Pipes that can be accessed anonymously

Impact:

This configuration will disable null session access over named pipes, and applications that rely on this feature or on unauthenticated access to named pipes will no longer function.

Default Value:

None.

See Also

https://workbench.cisecurity.org/files/2646