HostedDB - Dedicated UNIX Servers
Q. How can I restrict access to objects from Anonymous accounts?

Q. How can I restrict access to objects from Anonymous accounts?

A. It is possible to restrict the ability to list domain user names and enumerate share names available to anonymous logon users (also known as NULL session connections). If you feel this is a security risk Service Pack 3 for Windows NT 4.0 introduces a new option to stop anonymous users listing users and shares.

To enable this perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. From the Edit menu select New - DWORD value and enter a name of RestrictAnonymous if it does not already exist
  4. Double click the value and set to 1. Click OK
  5. Reboot the computer

After performing this change you should update your Emergency Repair Disk using RDISK.EXE.

This FAQ is copyright © 1999 John Savill (SavillTech Ltd). No part of this document should be reproduced, distributed or altered without my written permission. Contact Information.