WN11-SO-000150 - Anonymous enumeration of shares must be restricted.

Information

Allowing anonymous logon users (null session connections) to list all account names and enumerate all shared resources can provide a map of potential points to attack the system.

Solution

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' to 'Enabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_11_V2R2_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-4, CAT|I, CCI|CCI-001090, Rule-ID|SV-253454r958524_rule, STIG-ID|WN11-SO-000150, Vuln-ID|V-253454

Plugin: Windows

Control ID: d1a4287aa9a4d81e1c276955f6732ffaf9fe4ca0a4d4f84b9b05cac8b610e55a