Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials
Medium Nessus Plugin ID 56210
SynopsisIt is possible to obtain the host SID for the remote host, without credentials.
DescriptionBy emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier), without credentials.
The host SID can then be used to get the list of local users.
SolutionYou can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value.
Refer to the 'See also' section for guidance.