2.3.10.11 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'

Information

This policy setting determines which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server.

The recommended state for this setting is: <blank> (i.e. None).

It is very dangerous to allow any values in this setting. Any shares that are listed can be accessed by any network user, which could lead to the exposure or corruption of sensitive data.

Solution

To establish the recommended configuration via GP, set the following UI path to <blank> (i.e. None):

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously

Impact:

None - this is the default behavior.

See Also

https://workbench.cisecurity.org/benchmarks/17129

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv7|14.6

Plugin: Windows

Control ID: 7f3a7927628c1e1f80a833a0f0d88ad24ba6a82ea2ea852f6668b8f24d747a48