WN16-SO-000270 - Anonymous enumeration of shares must not be allowed.

Information

Allowing anonymous logon users (null session connections) to list all account names and enumerate all shared resources can provide a map of potential points to attack the system.

Solution

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' to 'Enabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2016_V2R10_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-4, CAT|I, CCI|CCI-001090, Rule-ID|SV-225046r958524_rule, STIG-ID|WN16-SO-000270, STIG-Legacy|SV-88333, STIG-Legacy|V-73669, Vuln-ID|V-225046

Plugin: Windows

Control ID: d0b1cc2d02dedc5456108af6ffebd012f96c887d4923cc0ddc75e56b44682296