I'm seeing a large number of QID 90444 findings in my Windows server environment. We're doing authenticated scans, and the scanners are showing the following in the results field:
HKLM\SYSTEM\CurrentControlSet\Control\LSA RestrictAnonymous = 0
I know the QID is looking for that key to be set to a value of 1, but I'm not sure that's required. The QID solution references the following articles:
The first article references the RestrictAnonymous key but it says it only applies to Windows 2000. The second article references a different key, RestrictNullSessAccess, which does exist on my Windows 2008/2012 servers and is set correctly. Does the RestrictAnonymous key apply in this case? I'm wondering if Qualys is applying a check to an operating system version that isn't appropriate.
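As an added example (not part of the original post, and not Qualys's own check logic), here is a PowerShell snippet that reads the two registry values discussed above on the local server and reports each one against the value the scanner expects. It assumes the hardened value is 1 for both, that RestrictNullSessAccess lives under the LanmanServer\Parameters key, and it also records the OS caption so findings can be correlated with the Windows version when deciding whether the check applies.

```powershell
# Added example, not from the original post.
# Audit the LSA RestrictAnonymous value (QID 90444) alongside the
# LanmanServer RestrictNullSessAccess value on the local host.
# Expected = 1 is an assumed hardening baseline; adjust to your own policy.

$checks = @(
    @{ Name     = 'RestrictAnonymous'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Expected = 1 },
    @{ Name     = 'RestrictNullSessAccess'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Expected = 1 }
)

# OS caption, e.g. "Microsoft Windows Server 2012 R2 Standard", so the
# report shows which version a given finding was raised against.
$os = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption

foreach ($c in $checks) {
    # SilentlyContinue makes a missing key or value return $null instead of throwing,
    # which is the edge case worth distinguishing from a value that is simply 0.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        $actual = '<absent>'
        $status = 'MISSING'
    } else {
        $actual = $item.($c.Name)
        $status = if ($actual -eq $c.Expected) { 'OK' } else { 'MISMATCH' }
    }

    [pscustomobject]@{
        OS       = $os
        Value    = "$($c.Path)\$($c.Name)"
        Actual   = $actual
        Expected = $c.Expected
        Status   = $status
    }
}
```

Run it in an elevated PowerShell session on one of the flagged servers; a row showing RestrictAnonymous as MISMATCH (0) next to RestrictNullSessAccess as OK reproduces exactly the situation described in the question and gives you a per-host record to attach to a false-positive or risk-acceptance ticket.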