PSS ID Number: 830070
Article Last Modified on 2/23/2004
The information in this article applies to:
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SYMPTOMS
When you configure the Windows registry to restrict remote access to the registry, you find that remote anonymous access to the registry is still possible by using a null session. For example, when you configure the registry according to either of the following Knowledge Base articles, you find that remote anonymous access to the registry is still possible by using a null session:
153183 How to restrict access to the registry from a remote computer
143474 Restricting information available to anonymous logon users
CAUSE
This issue may occur if the RestrictNullSessAccess registry entry has been created and its value is set to 0. This value allows remote access to the registry by using a null session, and the value overrides other explicit restrictive settings.
Note Microsoft recommends that the RestrictNullSessAccess registry value be set to 1. By default, the RestrictNullSessAccess registry entry does not exist.
RESOLUTION
To resolve this issue, set the RestrictNullSessAccess registry value to 1. When you set RestrictNullSessAccess to 1, the only resources that can be accessed by using a null session are those that are listed in the NullSessionPipes and NullSessionShares registry entries. For additional information about the NullSessionPipes and NullSessionShares entries, click the following article number to view the article in the Microsoft Knowledge Base:
289655 HOW TO: Enable Null Session Shares on a Windows 2000-Based Computer
To set the RestrictNullSessAccess registry value to 1, follow these steps.
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
- Start Registry Editor.
- Locate the following entry in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\RestrictNullSessAccess
- Right-click RestrictNullSessAccess, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Quit Registry Editor.
MORE INFORMATION
For additional information about RestrictNullSessAccess, click the following article number to view the article in the Microsoft Knowledge Base:
122702 Using the System Account as a Service in Windows NT 3.5
Additional query words: winreg SecurePipeServers
Keywords: kbprb KB830070
Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000DataServ kbwin2000DataServSearch kbwin2000Pro kbwin2000ProSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch kbWinDataServSearch