How can I restrict access to objects from Anonymous accounts?

A. It is possible to restrict the ability to list domain user names and enumerate share names available to anonymous logon users (also known as NULL session connections). If you feel this is a security risk Service Pack 3 for Windows NT 4.0 introduces a new option to stop anonymous users listing users and shares.

To enable this perform the following:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. From the Edit menu select New - DWORD value and enter a name of RestrictAnonymous if it does not already exist
  4. Double click the value and set to 1. Click OK
  5. Reboot the computer

After performing this change you should update your Emergency Repair Disk using RDISK.EXE.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.