Information
This policy setting determines whether NTLM is allowed to fall back to a NULL session when used with LocalSystem.
The recommended state for this setting is: Disabled.
Rationale:
NULL sessions are less secure because by definition they are unauthenticated.
Impact:
Any applications that require NULL sessions for LocalSystem will not work as designed.
Solution
To establish the recommended configuration via GP, set the following UI path to Disabled:
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback
Default Value:
On Windows Server 2008 (non-R2): Enabled. (NTLM will be permitted to fall back to a NULL session when used with LocalSystem.)
On Windows Server 2008 R2 and newer: Disabled. (NTLM will not be permitted to fall back to a NULL session when used with LocalSystem.)
Additional Information:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-225050
Rule ID: SV-225050r569186_rule
STIG ID: WN16-SO-000330
Severity: CAT II
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1
Control ID: ff4e6dafd735a74e92f4afbda0778f2c7acb9b1da0ef02fa3ba6200206dac9b8