Network access: Do not allow anonymous enumeration of SAM accounts

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Description

Determines what additional permissions will be granted for anonymous connections to the computer.

Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. By default, an anonymous user has the same access that is granted to the Everyone group for a given resource.

This security option allows additional restrictions to be placed on anonymous connections as follows:

None. Rely on default permissions. 

Do not allow enumeration of SAM accounts. This option replaces "Everyone" with "Authenticated Users" in the security permissions for resources.

Default:

Enabled on workstation.

Disabled on server.

Important

This policy has no impact on domain controllers.
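
One way to audit this setting on a host, as an added example that is not Microsoft's own code. It assumes the policy is stored in the `RestrictAnonymousSAM` value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` (a location not stated on this page) and uses a hypothetical function name, `Get-SamAnonymousPolicyState`; it applies the defaults and the domain controller exception described above.

```powershell
# Added example (not Microsoft's code). Assumption, not stated on this page:
# the policy is stored as the DWORD RestrictAnonymousSAM under
# HKLM:\SYSTEM\CurrentControlSet\Control\Lsa, where 1 means Enabled.

function Get-SamAnonymousPolicyState {   # hypothetical helper name
    param(
        # Raw registry value, or $null when the value is absent.
        [AllowNull()] [object] $RestrictAnonymousSAM,
        # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server.
        [Parameter(Mandatory)] [ValidateRange(1, 3)] [int] $ProductType
    )

    $role = @{ 1 = 'Workstation'; 2 = 'DomainController'; 3 = 'Server' }[$ProductType]
    # Defaults as documented on this page.
    $default = @{ Workstation = 'Enabled'; Server = 'Disabled'; DomainController = 'n/a' }[$role]

    $setting = if ($null -eq $RestrictAnonymousSAM) {
        'NotConfigured'
    } elseif ([int]$RestrictAnonymousSAM -eq 1) {
        'Enabled'
    } else {
        'Disabled'
    }

    $finding = if ($role -eq 'DomainController') {
        'Not applicable: this policy has no impact on domain controllers.'
    } elseif ($setting -eq 'Enabled') {
        'OK: anonymous enumeration of SAM accounts is restricted.'
    } elseif ($setting -eq 'Disabled') {
        'Review: anonymous connections rely on default permissions.'
    } else {
        "Review: value absent; documented default for this role is $default."
    }

    [pscustomobject]@{ Role = $role; Setting = $setting; DocumentedDefault = $default; Finding = $finding }
}

# Constructed sample inputs (no registry access needed).
Get-SamAnonymousPolicyState -RestrictAnonymousSAM 0 -ProductType 3
Get-SamAnonymousPolicyState -RestrictAnonymousSAM 1 -ProductType 2
Get-SamAnonymousPolicyState -RestrictAnonymousSAM $null -ProductType 1

# Live check on the local host.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name RestrictAnonymousSAM -ErrorAction SilentlyContinue
$value = if ($lsa) { $lsa.RestrictAnonymousSAM } else { $null }
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Get-SamAnonymousPolicyState -RestrictAnonymousSAM $value -ProductType ([int]$os.ProductType)
```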

For more information, see:

Network access: Let Everyone permissions apply to anonymous users 

Security Configuration Manager Tools 

