- Product
Product Overview
Sophisticated security with unmatched simplicityCloud SIEM
Pre-configured detections across your environmentHoneypots
Deception technology to detect lateral movementEndpoint Visibility
Real-time monitoring with added detection & responseSecurity Reports
Data visualizations, compliance reports, and executive summariesAutomated Response
Detect, prioritize, and neutralize threats around the clockIntegrations
Cloud, on-prem, and open API connectionsXDR Platform
A complete view to identify risk, and things operational
- Pricing
- Why Blumira
Why Blumira
The Security Operations platform IT teams loveWatch A Demo
See Blumira in action and how it builds operational resilienceUse Cases
A unified security solution for every challengePricing
Unlimited data and predictable pricing structureCompany
Our human-centered approach to cybersecurityCompare Blumira
Find out how Blumira stacks up to similar security toolsIntegrations
Cloud, on-prem, and open API connectionsCustomer Stories
Learn how others like you found success with Blumira
- Solutions
- Partners
- Resources
How to Disable Null Session in Windows
In a Windows environment, null sessions can allow users to have anonymous access to hidden administrative shares on a system.
Once connected to the shares through a null session, attackers can potentially enumerate information about your system and environment, such as users and groups, operating systems, password policies, privileges, etc. With this information, an attacker can learn about any potential vulnerabilities or ways to best attack your systems.
Disabling null sessions is a key way to help you strengthen your organization's security and reduce your attack surface.
Edit GPO- Go to Computer configuration\Policies\Windows settings\Security Settings\Local Policies\SecurityOptions
Enable:
- Network access: Restrict Anonymous access to Named Pipes and Shares
- Network access: Do not allow anonymous enumeration of SAM accounts
- Network access: Do not allow anonymous enumeration of SAM accounts and shares
- Network access: Shares that can be accessed anonymously
- Network access: Let Everyone permissions apply to anonymous users
- Network access: Allow anonymous SID/Name translation
- Restrict Null Sessions in the Registry
- HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
- 1 - Null sessions can not be used to enumerate shares
- HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM
- 1 - Default setting. Null sessions can not enumerate user names
- HKLM\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous
- 0 - Default setting. Null sessions have no special rights
Figure 1: Modifying the RestrictAnonymous key in the registry
Disable smbv1 via PowerShell
There are a wide variety of exploits for smbv1. Follow recommended settings and steps via the Microsoft Support article for your Operating System. Sources:- How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows
- Disable null sessions on domain controllers and member servers
Protect Your Windows Environment
Blumira makes security easy and effective for SMBs and mid-market companies, helping them detect and respond to cybersecurity threats faster to stop breaches and ransomware. Blumira’s all-in-one SIEM platform combines logging with automated detection and response for better security outcomes and consolidated security spend. Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.Additional Security Resources
View All Posts
Security Trends and Info
9 min read
| July 24, 2025
Critical Microsoft SharePoint Server vulnerability allows unauthorized code execution
Read More
Customer Success Stories
6 min read
| July 15, 2025
Customer Story: LEAP Managed IT Streamlines Ticketing and Boosts Visibility with Blumira’s API
Read More
SIEM XDR
7 min read
| June 9, 2025
Customer Story: NetCenter Technologies
Read More