AnsweredAssumed Answered

Null Session/Password NetBIOS Access Vulnerability

Question asked by Mike Biecker on Nov 9, 2017

I have a Windows 2008 R2 Domain Controller that continues to allow Anonymous Logons despite the following changes.

 

A GPO was created for local security polices:

  1. Network access: Allow anonymous SID/Name translation (Disabled)
  2. Network access: Do not allow anonymous enumeration of SAM accounts (Enabled)
  3. Network access: Do not allow anonymous enumeration of SAM accounts and shares (Enabled)
  4. Network access: Let Everyone permissions apply to anonymous users (Disabled)
  5. Network access: Named Pipes that can be accessed anonymously (Null)
  6. Network access: Restrict anonymous access to Named Pipes and Shares (Enabled)
  7. Network access: Shares that can be accessed anonymously (Null)

Registry Changes:
HKLM:\System\CurrentControlSet\Control\Lsa
RestrictAnonymous = 1
restrictanonymoussam = 1
everyoneincludesanonymous = 0

 

HKLM:\System\CurrentControlSet\services\LanmanServer\Parameters
NullSessionPipes = ""
NullSessionShares = ""
restrictnullsessaccess = 1

 

Executed the following commands:

net localgroup "Pre-Windows 2000 Compatible Access" everyone /delete
net localgroup "Pre-windows 2000 compatible access" "Anonymous logon" /delete

 

I used the following command to test : net use \\servername\IPC$ "" /user:""

Outcomes