Network access: Do not allow anonymous enumeration of SAM accounts and shares

This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed.

Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.

Default: Disabled.

Policy path:

Computer Configuration\Windows Settings\Local Policies\Security Options

Supported on:

At least Windows XP SP2, Windows Server 2003

Registry settings:

MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous

Reboot required:

No

Search form

Policy path:

Supported on:

Registry settings:

Reboot required:

Related content