Windows NT Anonymous User Connections

  • Section(s): Logon, Network, Network
  • Published on Apr 20, 2004.
  • Last Modified on Apr 20, 2004.
  • Last Modified by Wayne Maples.
  • Rated 3.7 out of 5 based on 6 votes.
Red Button access attack uses Anonymous User Connections , also called Null User Connection, to discover which account is the administrative account and what the network shares are. You can disable this discovery by preventing anonymous connections to domains using the following Windows NT registry hack. Caution: this can have severe consequences on sql server access and creating / maintaining domain trusts.

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Control\Lsa
Name: RestrictAnonymous
Type: REG_DWORD
Value: 1

Windows 2000 has the same setting and adds the value of 2 which is much more restrictive. Its so restrictive, it does not seem viable in anything but a pure W2K environment - no NT4, no - Mac clients. See kb article Q246261. Related:
Q143474 - Restricting Information Available to Anonymous Logon Users
Q184018 - NDS for NT does not support restrict anonymous connections
Q168464 - Directory Replication Fails with Event ID 3216
Q246261 - How to Use the RestrictAnonymous Registry Value in Windows 2000

About Wayne Maples

Share this article


Article not looking right or info is missing? Let us know so that we can fix it: .


Receive all the latest articles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Limited time offer!

SolarWinds screenshot

Subscribe to WindowsNetworking.com Newsletters today and get a free copy of the new SolarWinds Exchange Monitor!

Readers' Choice

Which is your preferred software-based Backup solution?