= Anonymous access by using a null session is possible after you configure the registry to restrict remote access =

PSS ID Number: 830070

Article Last Modified on 2/23/2004

The information in this article applies to:


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 2000 Professional
 * Microsoft Windows 2000 Server

Important: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
After you configure the Windows registry to restrict remote access to the registry, remote anonymous access to the registry is still possible by using a null session. For example, this occurs after you configure the registry according to either of the following Knowledge Base articles:

153183 How to restrict access to the registry from a remote computer

143474 Restricting information available to anonymous logon users



CAUSE
This issue may occur if the RestrictNullSessAccess registry entry has been created and its value is set to 0. This value allows remote access to the registry by using a null session, and the value overrides other explicit restrictive settings.

Note: Microsoft recommends that the RestrictNullSessAccess registry value be set to 1. By default, the RestrictNullSessAccess registry entry does not exist.



RESOLUTION
To resolve this issue, set the RestrictNullSessAccess registry value to 1. When you set RestrictNullSessAccess to 1, the only resources that can be accessed by using a null session are those that are listed in the NullSessionPipes and NullSessionShares registry entries. For additional information about the NullSessionPipes and NullSessionShares entries, click the following article number to view the article in the Microsoft Knowledge Base:

289655 HOW TO: Enable Null Session Shares on a Windows 2000-Based Computer

To set the RestrictNullSessAccess registry value to 1, follow these steps.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

 1. Start Registry Editor.
 2. Locate the following entry in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\RestrictNullSessAccess
 3. Right-click RestrictNullSessAccess, and then click Modify.
 4. In the Value data box, type 1, and then click OK.
 5. Quit Registry Editor.
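
The following check is an added example, not part of the Microsoft article: it parses a Registry Editor export of the LanmanServer\Parameters key and reports whether RestrictNullSessAccess is in the state described under CAUSE, together with the NullSessionPipes and NullSessionShares lists. It assumes a Version 5.00 text export; the sample export is constructed, and the function names and status labels are hypothetical.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"

# Constructed sample export (not from a real host). A file saved by Registry
# Editor in this format is UTF-16, so read it with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"RestrictNullSessAccess"=dword:00000000
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,4c,00,4c,\
  00,53,00,52,00,50,00,43,00,00,00,00,00
"NullSessionShares"=hex(7):43,00,4f,00,4d,00,43,00,46,00,47,00,00,00,00,00
'''

def parse_key(export_text, key=KEY):
    """Return {value name: int or list of str} for one key of a .reg export."""
    text = re.sub(r"\\\r?\n", "", export_text)  # join continued hex lines
    values, in_key = {}, False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key.lower()
            continue
        m = re.match(r'"([^"]+)"=(dword|hex\(7\)):(.*)$', line)
        if not (in_key and m):
            continue
        name, kind, data = m.groups()
        if kind == "dword":
            values[name] = int(data, 16)
        else:  # REG_MULTI_SZ: NUL-separated UTF-16LE strings
            raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
            values[name] = [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return values

def audit(values):
    """Classify RestrictNullSessAccess and list the null-session allow lists."""
    setting = values.get("RestrictNullSessAccess")
    # absent: entry not created (the default state, per the article)
    # open: 0 allows null-session access and overrides other restrictions
    # restricted: 1 limits null sessions to the listed pipes and shares
    status = {None: "absent", 0: "open", 1: "restricted"}.get(setting, "unexpected")
    return {"status": status,
            "pipes": values.get("NullSessionPipes", []),
            "shares": values.get("NullSessionShares", [])}

if __name__ == "__main__":
    print(audit(parse_key(SAMPLE_EXPORT)))
```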



MORE INFORMATION
For additional information about RestrictNullSessAccess, click the following article number to view the article in the Microsoft Knowledge Base:

122702 Using the System Account as a Service in Windows NT 3.5


© 2004 Microsoft Corporation. All rights reserved.