There was a security audit run on our network and one of the vulnerabilities is that Windows Server 2003 allows null sessions. I’ve done some research on this and it looks like setting these options should take care of it.<\/p>\n
Network Access: Do not allow anonymous enumeration of SAM accounts: Enabled (Default)
\nNetwork Access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled<\/p>\n
My question is, how do I know if changing these fixed it? I am still able to connect using null values using: net use \\\\<IP address>\\ipc$ “” \/u:””. It says, “The command completed successfully”.<\/p>\n
But when I run “winfo <ip address> -v”, I get this:<\/p>\n
SYSTEM INFORMATION:<\/p>\n
Warning: Unable to retrieve system information.
\nReason : Access denied.<\/p>\n
DOMAIN INFORMATION:<\/p>\n
Warning: Unable to retrieve policy.
\nReason : Access denied.<\/p>\n
PASSWORD POLICY:<\/p>\n
Warning: Unable to retrieve password policy.
\nReason : Access denied.<\/p>\n
LOCOUT POLICY:<\/p>\n
Warning: Unable to retrieve lockout policy.
\nReason : Access denied.<\/p>\n
SESSIONS:<\/p>\n
Warning: Unable to retrieve sessions.
\nReason : Access denied.<\/p>\n
LOGGED IN USERS:<\/p>\n
Warning: Unable to retrieve the list of logged in users.
\nReason : Access denied.<\/p>\n
USER ACCOUNTS:<\/p>\n
Warning: Unable to enumerate users.
\nReason : Access denied.<\/p>\n
WORKSTATION TRUST ACCOUNTS:<\/p>\n
Warning: Unable to enumerate workstation trust accounts.
\nReason : Access denied.<\/p>\n
INTERDOMAIN TRUST ACCOUNTS:<\/p>\n
Warning: Unable to enumerate interdomain trust accounts.
\nReason : Access denied.<\/p>\n
SERVER TRUST ACCOUNTS:<\/p>\n
Warning: Unable to enumerate server trust accounts.
\nReason : Access denied.<\/p>\n
SHARES:<\/p>\n
Warning: Unable to enumerate shares.
\nReason : Access denied.<\/p>\n
<\/p>\n
Furthermore, I tried: “net view \\\\<IP address>” and get an access denied error.<\/p>\n
To me, this looks good and indicates that the server is no longer giving out any info to a null sessions. But since i’m still able to connect with a NULL session, is this issue really fixed? Any thoughts on this?<\/p>\n
Thanks!<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"iawp_total_views":1},"question-category":[72],"question_tags":[],"class_list":["post-6169","question","type-question","status-publish","hentry","question-category-windows-2003"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/question\/6169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/question"}],"about":[{"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/types\/question"}],"author":[{"embeddable":true,"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/comments?post=6169"}],"wp:attachment":[{"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/media?parent=6169"}],"wp:term":[{"taxonomy":"question-category","embeddable":true,"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/question-category?post=6169"},{"taxonomy":"question_tags","embeddable":true,"href":"https:\/\/computing.net\/answers\/wp-json\/wp\/v2\/question_tags?post=6169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}