2.3.10.5 (L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'

Information

This policy setting determines what additional permissions are assigned for anonymous connections to the computer.

The recommended state for this setting is: Disabled

An unauthorized user could anonymously list account names and shared resources and use the information to attempt to guess passwords, perform social engineering attacks, or launch DoS attacks.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled :

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users

Impact:

None - this is the default behavior.

See Also

https://workbench.cisecurity.org/benchmarks/17096

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10)

Plugin: Windows

Control ID: c9bedaca76c85d5b69a3fa98b9e4a5cf50086f6430def6444e3bf2f849ada124