Network Access: Do not allow anonymous enumeration of SAM accounts and shares

752e0588-decf-451b-9fef-cc3235765d54

An unauthorized user could anonymously list account names and shared resources and use the information to attempt to guess passwords or perform social-engineering attacks.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares

Remediation

Remediation via GPO:
From Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options: Network Access: Do not allow anonymous enumeration of SAM accounts Should be set to Enabled.

Mor information: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares

Stig Desktop: https://www.stigviewer.com/stig/windows_10/2021-03-10/finding/V-220930
Stig Server: https://www.stigviewer.com/stig/windows_2008_member_server/2018-03-07/finding/V-1093



stig-high-server
stig-high-desktop
bestpractice-desktop
bestpractice-server
compliance-desktop
compliance-server
server
desktop
security-desktop
security-server
nist800-171
cmmc-l1