Detections
Analytics

Catalina - Disable Guest Access to Shared SMB Folders

Information

Guest access to shared Server Message Block (SMB) folders _MUST_ be disabled.

Turning off guest access prevents anonymous users from accessing files shared via SMB.

Solution

[source,bash]
----
/usr/sbin/sysadminctl -smbGuestAccess off
----

mobileconfig profile info:

com.apple.smb.server:
 AllowGuestAccess:
 False

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-2, 800-53|AC-2(9), 800-53|IA-2, CCE|CCE-84761-6

Plugin: Unix

Control ID: e0e75669f369614c06ae2abd9a9a04936f7a1e5bddda3447469f77e5076df6fa