PingSentry   |   Discord   |   System32   |   GitHub   |   Free tools

Network Access: Do not allow anonymous enumeration of shares

0d97c353-2198-4a09-a41b-9df3498067dc

Allowing anonymous logon users (null session connections) to list all account names and enumerate all shared resources can provide a map of potential points to attack the system.

Remediation

To fix this configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ Security Options
|_ Network access: Do not allow anonymous enumeration of SAM accounts and shares to "Enabled".

STIG Desktop:
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2024-06-10/finding/V-253454
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2024-06-13/finding/V-220930 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220930

Server:
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2024-06-14/finding/V-254467
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2024-06-14/finding/V-205724 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93537
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2024-02-21/finding/V-225046 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73669

NIST 800-53: AC-6(10),
NIST 800-171 rev2: 3.1.7

NIST 800-171 rev3: 03.01.07.a
NIST 800-171A: 3.1.7[a], 3.1.7[b], 3.1.7[c], 3.1.7[d]
NIST 800-171A Rev3: A.03.01.07.a
OWASP Top 10 v2021: A01:2021
CSCv6: 16
MITRE Att&ck: T1135, T1087, T1046
CMMC v2 L2: AC.L2-3.1.7, AC.L2-3.1.7
CMMC v2.1 L2: AC.L2-3.1.7, AC.L2-3.1.7



Tags

stig-high-server stig-high-desktop bestpractice-desktop bestpractice-server compliance-desktop compliance-server server desktop security-desktop security-server nist800-171-desktop nist800-171-server nist800-53-desktop nist800-53-server owasptop-desktop owasptop-server mitre-att-desktop mitre-att-server cmmc2-l2-desktop cmmc2-l2-server