Disable Null Sessions via Group Policy

Edit GPO- Go to Computer configuration\Policies\Windows settings\Security Settings\Local Policies\SecurityOptions

Enable:

• Network access: Restrict Anonymous access to Named Pipes and Shares
• Network access: Do not allow anonymous enumeration of SAM accounts
• Network access: Do not allow anonymous enumeration of SAM accounts and shares
• Network access: Shares that can be accessed anonymously

Disable:

• Network access: Let Everyone permissions apply to anonymous users
• Network access: Allow anonymous SID/Name translation
• Restrict Null Sessions in the Registry

If you open regedit and browse to:

• HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
  • 1 – Null sessions can not be used to enumerate shares
• HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM
  • 1 – Default setting. Null sessions can not enumerate user names
• HKLM\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous
  • 0 – Default setting. Null sessions have no special rights

Figure 1: Modifying the RestrictAnonymous key in the registry

Disable smbv1 via PowerShell

There are a wide variety of exploits for smbv1. Follow recommended settings and steps via the Microsoft Support article for your Operating System.

Sources:

• How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows
• Disable null sessions on domain controllers and member servers

Contact Us

Have questions or want to learn more about Blumira? We’re happy to help.