Jean-Philippe Pialasse
452d0ba960
- disable access to list of users without being logged in [SME: 12765]
9 lines
564 B
Plaintext
9 lines
564 B
Plaintext
{
|
|
# 0 allows to retrieve the list of users without being logged on the domain
|
|
# 1 will disable anonymous SAMR access. (including user enumeration)
|
|
# 2 will, in addition to restricting SAMR access, disallow anonymous connections to the IPC$ share in general. (preventing login to smb PDC)
|
|
# The option also affects the browse option which is required by legacy clients which rely on Netbios browsing.
|
|
# While modern Windows version should be fine with restricting the access there could still be applications relying on anonymous access.
|
|
}
|
|
restrict anonymous = 1
|