How to disable SMB/NETBIOS NULL Session on domain controllers

July 29, 2015

Applies to: Windows 2008, Windows 2008 R2 and Windows 2012/R2

By default, null sessions (unauthenticated connections) are enabled on Windows 2000 and 2003 servers. As a result, anyone can use these NULL connections to enumerate potentially sensitive information from the servers. The null session vulnerability is disabled on fresh installations of Windows 2008 and earlier versions.

This post explains the steps for disabling SMB/NETBIOS NULL sessions on domain controllers using Group Policy.

Step 1: Apply the group policy settings below to the Default Domain Controller policy object, or to the GPO that is applied to your domain controllers.

Edit the GPO and go to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options

Enable:
Network access: Restrict Anonymous access to Named Pipes and Shares
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares
Network access: Shares that can be accessed anonymously
Disable:
Network access: Let Everyone permissions apply to anonymous users
Network access: Allow anonymous SID/Name translation

Step 2: Update the registry key values to restrict null sessions as below:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa:
RestrictAnonymous = 1
RestrictAnonymousSAM = 1
EveryoneIncludesAnonymous = 0
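
To confirm that the Step 2 values are actually in place on a domain controller, a read-only check such as the following can be run locally in PowerShell. This is an added example, not part of the original post; the function name Test-NullSessionHardening is hypothetical, and the expected values are the three listed above.

```powershell
# Added example: audit the Lsa values from Step 2 on the local machine.
# Read-only: nothing in the registry is changed.
$LsaPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Expected values exactly as listed in Step 2 of the post.
$Expected = @{
    RestrictAnonymous         = 1
    RestrictAnonymousSAM      = 1
    EveryoneIncludesAnonymous = 0
}

function Test-NullSessionHardening {   # hypothetical helper name
    param(
        [string]$Path = $LsaPath,
        [hashtable]$Baseline = $Expected
    )
    $key = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        # A value absent from the key is reported as not set and
        # counted as non-compliant, rather than assumed to be a default.
        $prop = $key.PSObject.Properties[$name]
        if ($prop) { $actual = $prop.Value } else { $actual = $null }

        $ok = ($null -ne $actual) -and ([int]$actual -eq $Baseline[$name])
        if ($null -eq $actual) { $shown = '<not set>' } else { $shown = $actual }

        New-Object PSObject -Property @{
            Name      = $name
            Expected  = $Baseline[$name]
            Actual    = $shown
            Compliant = $ok
        }
    }
}

$results = @(Test-NullSessionHardening)
$results | Select-Object Name, Expected, Actual, Compliant | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    $names = ($failed | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("{0} value(s) differ from Step 2: {1}" -f $failed.Count, $names)
    exit 1
}
Write-Output 'All three Lsa values match the settings in Step 2.'
```

The non-zero exit code on a mismatch lets the check be scheduled or wrapped in a monitoring job, so a GPO that stops applying is noticed.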

Categories: Active Directory