RestrictAnonymous
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Data type |
Range |
Default value |
---|---|---|
REG_DWORD |
0 | 1 | 2 |
0 |
Description
Restricts anonymous users from displaying lists of users and from viewing security permissions.
Value |
Meaning |
---|---|
0 |
Disabled. Anonymous users are not restricted. |
1 |
Enabled. Users who log on anonymously (also known as null session connections ) cannot display lists of domain user names or share names. Also, these users cannot view security permissions, and they cannot use all of the features of Windows Explorer, Local Users and Groups, and other programs that enumerate users or shares. |
2 |
Anonymous users have no access without explicit anonymous permissions. |
Note
Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
Do not set the value of this entry to 2 in mixed-mode environments. Only consider setting it to 2 in environments running only Windows 2000, and only after verifying that appropriate service levels and program function are maintained.
Tip
For more information about this entry, see the Microsoft Knowledge Base link on the Web Resources page. Search the Knowledge Base for Articles Q143474, Q178640, and Q246261, or use these keyword phrases: restrict anonymous logon,could not find domain controller when establishing a trust, or RestrictAnonymous registry value in Windows 2000.
Caution
Pre-defined "High Secure" security templates set the value of this entry to 2. Use caution when using these templates.