ANONYMOUS_SID_SETTING

This policy item checks the value of the setting defined in “Security Settings -> Local Policies -> Security Options -> Network access: Allow anonymous SID/Name translation”. The check is performed by calling the function LsaQuerySecurityObject on the LSA policy handle.

Usage

<custom_item>
type: ANONYMOUS_SID_SETTING
description: ["description"]
value_type: [VALUE_TYPE]
value_data: [value]
(optional) check_type: [value]
</custom_item>

The allowed types are:

value_type: POLICY_SET
value_data: "Enabled" or "Disabled"

When using this audit, please note that this policy:

  • is a permission check on the LSA service
  • checks if the ANONYMOUS_USER has the flag POLICY_LOOKUP_NAMES set
  • is deprecated on Windows 2003 because an anonymous user cannot access the LSA pipe

Example

<custom_item>
type: ANONYMOUS_SID_SETTING
description: "Network access: Allow anonymous SID/Name translation"
value_type: POLICY_SET
value_data: "Disabled"
</custom_item>
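
The following lint for items of this type is an added example, not part of the original documentation or of the scanner's own code. It enforces only the rules stated above (value_type POLICY_SET, value_data "Enabled" or "Disabled"); the function names and the SAMPLE text are hypothetical, and the second sample item is constructed to be invalid.

```python
import re

# Rules taken from this page: the only allowed value_type is POLICY_SET,
# value_data is "Enabled" or "Disabled", and check_type is optional.
REQUIRED = ("type", "description", "value_type", "value_data")
ALLOWED_DATA = {"Enabled", "Disabled"}

# Constructed sample: the first item is the page's example, the second is
# deliberately malformed to show what the lint reports.
SAMPLE = '''
<custom_item>
type: ANONYMOUS_SID_SETTING
description: "Network access: Allow anonymous SID/Name translation"
value_type: POLICY_SET
value_data: "Disabled"
</custom_item>
<custom_item>
type: ANONYMOUS_SID_SETTING
description: "Constructed invalid item"
value_type: POLICY_DWORD
value_data: 0
</custom_item>
'''

def parse_custom_items(text):
    """Return one dict of keyword -> value for each <custom_item> block."""
    items = []
    for body in re.findall(r"<custom_item>(.*?)</custom_item>", text, re.S):
        item = {}
        for line in body.splitlines():
            # Split on the first colon only: descriptions contain colons too.
            key, sep, value = line.partition(":")
            if sep and key.strip():
                item[key.strip()] = value.strip().strip('"')
        items.append(item)
    return items

def lint_anonymous_sid_item(item):
    """Return a list of problems; an empty list means the item is well formed."""
    problems = [f"missing keyword: {k}" for k in REQUIRED if k not in item]
    if item.get("type") != "ANONYMOUS_SID_SETTING":
        problems.append("type is not ANONYMOUS_SID_SETTING")
    if "value_type" in item and item["value_type"] != "POLICY_SET":
        problems.append(f"value_type must be POLICY_SET, got {item['value_type']}")
    if "value_data" in item and item["value_data"] not in ALLOWED_DATA:
        problems.append(f"value_data must be Enabled or Disabled, got {item['value_data']}")
    return problems
```

Running `lint_anonymous_sid_item` over each result of `parse_custom_items` before a scan catches items that would otherwise be evaluated with the wrong value type.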