Network access: Allow anonymous SID/Name translation

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Network access: Allow anonymous SID/name translation

Description

This security setting determines if an anonymous user can request security identifier (SID) attributes for another user.

If this policy is enabled, a user with knowledge of an administrator's SID could contact a computer that has this policy enabled and use the SID to get the administrator's name.

Default:

• Disabled on workstations and member servers.

• Enabled on domain controllers.

Configuring this security setting

You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.

For more information, see:

• Account and local policies

• Security Configuration Manager tools