Disable Null Sessions



We had an audit and were told to disable null sessions on all of our
servers. I found that we could use group policy to accomplish this. I have
enabled the following settings on a test OU and moved a server to that OU.

Network access: Do not allow anonymous enumeration of SAM accounts
Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and
shares Enabled

I was wondering the easiest way to verify that the null sessions have been
disabled? I downloaded a few applications that stated they would check this.
When I try to test I get the same results on my existing servers as I do on
the server that I put in the test OU with the GPO.


Thanks,
James


.



Relevant Pages

  • Re: nessus scan
    ... Null sessions do NOT allow unauthenticated access to data on ... > when XP Pro users try to change their domain passwords at logon. ... > downlevel clients to access those servers. ... > auditing for account logons events and account management on domain ...
    (microsoft.public.win2000.security)
  • Re: How to protect my terminal servers?
    ... If I turn this all on from the console, will it apply it to all user sessions? ... hassle of downed or rebuilt servers because someone clicked the wrong things. ... I currently have not given users internet access from the TS ... time even with protection. ...
    (microsoft.public.windows.terminal_services)
  • RE: Remote Administration problem after upgrading to 2003
    ... > problem disappears when you remove the server from the domain, ... all of the "built-from-scratch" servers use their ... Edit, but I could see it in the RSOP listing.) ... Changed max sessions to 2, and all the servers are now happy. ...
    (microsoft.public.windows.terminal_services)
  • Re: Where to Enable the Restricting NULL policies Settings
    ... If I want to prevent users from having access to only 5 servers in the domain would I just enable these settings on those 5 servers only? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Disable Null Sessions
    ... Do not allow anonymous enumeration of SAM accounts ... When I try to test I get the same results on my existing servers as I do on ...
    (microsoft.public.windows.server.security)