Disable Null Sessions

From: "James" <acidflea@xxxxxxxxxxx>
Date: Tue, 12 Jan 2010 15:08:47 -0600

We had an audit and were told to disable null sessions on all of our
servers. I found that we could use group policy to accomplish this. I have
enabled the following settings on a test OU and moved a server to that OU.

Network access: Do not allow anonymous enumeration of SAM accounts
Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and
shares Enabled

I was wondering the easiest way to verify that the null sessions have been
disabled? I downloaded a few applications that stated they would check this.
When I try to test I get the same results on my existing servers as I do on
the server that I put in the test OU with the GPO.

Thanks,
James

.

Follow-Ups:
- Re: Disable Null Sessions
  - From: JASON ARCHER
- Re: Disable Null Sessions
  - From: James

Prev by Date: Renewing Cert for Subordinate (Issuing) CA in PKI
Next by Date: RE: Renewing Cert for Subordinate (Issuing) CA in PKI
Previous by thread: Renewing Cert for Subordinate (Issuing) CA in PKI
Next by thread: Re: Disable Null Sessions
Index(es):
- Date
- Thread

Relevant Pages

Re: nessus scan
... Null sessions do NOT allow unauthenticated access to data on ... > when XP Pro users try to change their domain passwords at logon. ... > downlevel clients to access those servers. ... > auditing for account logons events and account management on domain ...
(microsoft.public.win2000.security)
Re: How to protect my terminal servers?
... If I turn this all on from the console, will it apply it to all user sessions? ... hassle of downed or rebuilt servers because someone clicked the wrong things. ... I currently have not given users internet access from the TS ... time even with protection. ...
(microsoft.public.windows.terminal_services)
RE: Remote Administration problem after upgrading to 2003
... > problem disappears when you remove the server from the domain, ... all of the "built-from-scratch" servers use their ... Edit, but I could see it in the RSOP listing.) ... Changed max sessions to 2, and all the servers are now happy. ...
(microsoft.public.windows.terminal_services)
Re: Where to Enable the Restricting NULL policies Settings
... If I want to prevent users from having access to only 5 servers in the domain would I just enable these settings on those 5 servers only? ...
(microsoft.public.windows.server.active_directory)
Re: Disable Null Sessions
... Do not allow anonymous enumeration of SAM accounts ... When I try to test I get the same results on my existing servers as I do on ...
(microsoft.public.windows.server.security)