Information
This policy setting determines which communication sessions, or pipes, will have attributes and permissions that allow anonymous access.
The recommended state for this setting is: - Level 1 - Domain Controller. The recommended state for this setting is: 'LSARPC, NETLOGON, SAMR' and (when the legacy _Computer Browser_ service is enabled) 'BROWSER'.
- Level 1 - Member Server. The recommended state for this setting is: '' (i.e.
None), or (when the legacy _Computer Browser_ service is enabled) 'BROWSER'.
Note: A Member Server that holds the _Remote Desktop Services_ Role with _Remote Desktop Licensing_ Role Service will require a special exception to this recommendation, to allow the 'HydraLSPipe' and 'TermServLicensing' Named Pipes to be accessed anonymously.
Solution
To establish the recommended configuration via GP, configure the following UI path:
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Named Pipes that can be accessed anonymously