3.018 - Anonymous shares are not restricted. - RestrictAnonymous

Information

This is a Category 1 finding because it allows anonymous logon users (null session connections) to list all account names and enumerate all shared resources, thus providing a map of potential points to attack the system.

Solution

Configure the policy values for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'Network access- Do not allow anonymous enumeration of SAM accounts' and 'Network access- Do not allow anonymous enumeration of SAM accounts and shares' to 'Enabled'.

See Also

http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-4, CAT|I, CCI|CCI-001090, Rule-ID|SV-28982r1_rule, STIG-ID|3.018, Vuln-ID|V-1093

Plugin: Windows

Control ID: ed48987215dd952e38e0bb85e4e8aeb04136f76d767cf2f4658457b5dba76561