PingSentry   |   Blog   |   System32   |   GitHub   |   Free tools

Network Access: Do not allow anonymous enumeration of SAM accounts and shares

752e0588-decf-451b-9fef-cc3235765d54

An unauthorized user could anonymously list account names and shared resources and use the information to attempt to guess passwords or perform social-engineering attacks.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares

Remediation

Remediation via GPO:
From Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options: Network Access: Do not allow anonymous enumeration of SAM accounts Should be set to Enabled.

Mor information: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares

Stig Desktop: https://www.stigviewer.com/stig/windows_10/2021-03-10/finding/V-220930
Stig Server: https://www.stigviewer.com/stig/windows_2008_member_server/2018-03-07/finding/V-1093
https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93537
https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93291



Tags

stig-high-server stig-high-desktop bestpractice-desktop bestpractice-server compliance-desktop compliance-server server desktop security-desktop security-server nist800-171-desktop nist800-171-server cmmc2-l1-desktop cmmc2-l1-server