Detections
Analytics

Catalina - Disable Guest Access to Shared SMB Folders

Information

Guest access to shared Server Message Block (SMB) folders _MUST_ be disabled.

Turning off guest access prevents anonymous users from accessing files shared via SMB.

Solution

[source,bash]
----
/usr/sbin/sysadminctl -smbGuestAccess off
----

mobileconfig profile info:

com.apple.smb.server:
 AllowGuestAccess:
 False

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-2, 800-53|AC-2(9), 800-53|IA-2, CCE|CCE-84761-6

Plugin: Unix

Control ID: 191aa81fc4f5da5b7dd9fe987dc313f50f40b11f47da9af64329d36140128ce6