Export (0) Print
Expand All

RestrictAnonymous

HKLM\SYSTEM\CurrentControlSet\Control\Lsa

Data type

Range

Default value

REG_DWORD

0 | 1 | 2

0

Description

Restricts anonymous users from displaying lists of users and from viewing security permissions.

Value

Meaning

0

Disabled. Anonymous users are not restricted.

1

Enabled. Users who log on anonymously (also known as null session connections ) cannot display lists of domain user names or share names. Also, these users cannot view security permissions, and they cannot use all of the features of Windows Explorer, Local Users and Groups, and other programs that enumerate users or shares.

2

Anonymous users have no access without explicit anonymous permissions.

Note Image Note

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Do not set the value of this entry to 2 in mixed-mode environments. Only consider setting it to 2 in environments running only Windows 2000, and only after verifying that appropriate service levels and program function are maintained.

Tip Image Tip

For more information about this entry, see the Microsoft Knowledge Base link on the Web Resources page. Search the Knowledge Base for Articles Q143474, Q178640, and Q246261, or use these keyword phrases: restrict anonymous logon, could not find domain controller when establishing a trust, or RestrictAnonymous registry value in Windows 2000.

Caution Image Caution

Pre-defined "High Secure" security templates set the value of this entry to 2. Use caution when using these templates.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft