RestrictAnonymous
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
RestrictAnonymous
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
| Data type | Range | Default value |
|---|---|---|
REG_DWORD |
0 | 1 | 2 |
0 |
Description
Restricts anonymous users from displaying lists of users and from viewing security permissions.
| Value | Meaning |
|---|---|
0 |
Disabled. Anonymous users are not restricted. |
1 |
Enabled. Users who log on anonymously (also known as null session connections) cannot display lists of domain user names, nor share names. Also, these users cannot view security permissions, and they cannot use all of the features of Windows Explorer, Local Users and Groups, and other programs that enumerate users or shares. |
2 |
Anonymous users have no access without explicit anonymous permissions. |
This entry does not exist in the registry by default. You can add it by using the registry editor Regedit.exe.
Note
- Do not set the value of this entry to 2 in mixed-mode environments. Only consider setting it to 2 in environments running only Windows Server 2003, and only after verifying that appropriate service levels and program function are maintained.
Caution
- Pre-defined "High Secure" security templates set the value of this entry to 2. Use caution when using these templates.