Information
This policy setting determines which communication sessions, or pipes, will have attributes and permissions that allow anonymous access.
The recommended state for this setting is: <blank> (i.e. None).
Rationale:
Limiting named pipes that can be accessed anonymously will reduce the attack surface of the system.
Solution
To establish the recommended configuration via GP, set the following UI path to <blank> (i.e. None):
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Named Pipes that can be accessed anonymously
Impact:
This configuration will disable null session access over named pipes, and applications that rely on this feature or on unauthenticated access to named pipes will no longer function.
Default Value:
None.
References:
1. CCE-34965-4