
Is QID 90444 finding valid?

Question asked by Jordan Greene on Mar 14, 2017

I'm seeing a large number of QID 90444 findings in my Windows server environment. We're doing authenticated scans, and the scanners are showing the following in the results field:

 

HKLM\SYSTEM\CurrentControlSet\Control\LSA RestrictAnonymous = 0

 

I know the QID is looking for that key to be set to a value of 1, but I'm not sure that's required. The QID solution references the following articles:

 

https://support.microsoft.com/en-us/help/246261/how-to-use-the-restrictanonymous-registry-value-in-windows-2000 

RestrictNullSessAccess 

 

The first article references the RestrictAnonymous key but it says it only applies to Windows 2000. The second article references a different key, RestrictNullSessAccess, which does exist on my Windows 2008/2012 servers and is set correctly. Does the RestrictAnonymous key apply in this case? I'm wondering if Qualys is applying a check to an operating system version that isn't appropriate.
