Re: Null session in Windows XP

From: "Laura A. Robinson" <>
Date: Thu, 28 Mar 2002 12:18:47 -0500

Ope, I forgot one thing- in XP, the membership of the "Everyone" group has
changed. See this URL:

The following may also be useful; as you can see, there have been changes
throughout the product developments, from NT to Win2K to XP/.Net.

----- Original Message -----
From: "Tomasz Polus" <>
Sent: Thursday, March 28, 2002 4:01 AM
Subject: RE: Null session in Windows XP

> -----Original Message-----
> From: Eric []
> Sent: Wednesday, March 27, 2002 8:16 PM
> Subject: Re: Null session in Windows XP
> Null sessions can *always* be established to NT4, Windows 2000, and Windows
> XP machines.

Eric, thank you for your answer. Maybe I'm wrong, but I cannot agree
with the above statement. When I set the

Services\lanmanserver\parameters\RestrictNullSessAccess=1 (dword)

registry key in Windows 2000 and Windows NT, they simply _do_not_
let me establish a null session. They respond with an Access Denied message.

> What has changed, however, is what you are able to do once you establish
> the null session. In NT4 and Win2K, by default, you could enumerate
> information about users and shares. Setting RestrictAnonymous=1 would help
> RestrictAnonymous=2
> RestrictAnonymousSam=1 is a default setting. This prevents detailed
> RestrictAnonymous=2 (on XP) is no longer a valid setting.

Thank you for this summary; however, I know all these keys and set
them properly. Still, I can establish a null session to Windows XP. It
gives nothing to the attacker, as my computer is secured in many other ways;
however, I would like to turn it off - this is very annoying to me ;-)

Could somebody please check this out to support/discard my statement?
I could be wrong of course - I just want to be sure.

Tomasz Polus
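
A read-only audit of the anonymous-access registry values discussed in this thread, added here as an example; it is not part of the original messages. The full registry paths, the EveryoneIncludesAnonymous, NullSessionPipes and NullSessionShares values, and the "expected" settings are assumptions not stated in the thread, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: reports the values, changes nothing.
$base   = 'HKLM:\SYSTEM\CurrentControlSet'
$server = "$base\Services\LanmanServer\Parameters"
$lsa    = "$base\Control\Lsa"

# Expected settings are assumptions for a host that should restrict anonymous access.
$checks = @(
    @{ Key = $server; Name = 'RestrictNullSessAccess';    Ok = { param($v) $v -eq 1 } },
    @{ Key = $lsa;    Name = 'RestrictAnonymous';         Ok = { param($v) $v -ge 1 } },
    @{ Key = $lsa;    Name = 'RestrictAnonymousSAM';      Ok = { param($v) $v -eq 1 } },
    @{ Key = $lsa;    Name = 'EveryoneIncludesAnonymous'; Ok = { param($v) $v -eq 0 } }
)

function Get-RegValue($Key, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($c in $checks) {
    $actual = Get-RegValue $c.Key $c.Name
    if ($null -eq $actual)      { $shown = '(not set)'; $status = 'NOT SET, OS default applies' }
    elseif (& $c.Ok $actual)    { $shown = $actual;     $status = 'OK' }
    else                        { $shown = $actual;     $status = 'REVIEW' }
    [pscustomobject]@{ Value = $c.Name; Actual = $shown; Status = $status }
}
$report | Format-Table -AutoSize

# RestrictNullSessAccess does not cover pipes and shares listed as exceptions,
# so an "OK" above still leaves these reachable by a null session.
foreach ($name in 'NullSessionPipes', 'NullSessionShares') {
    $entries = @(Get-RegValue $server $name) | Where-Object { $_ }
    if ($entries) {
        Write-Output ("{0}: {1}" -f $name, ($entries -join ', '))
    } else {
        Write-Output ("{0}: (empty or not set)" -f $name)
    }
}
```

Running it on each Windows version under discussion shows which values are actually present, which helps separate "the session can be established" from "what the session can reach".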
