ANONYMOUS_SID_SETTING

This policy item checks the value of the setting “Security Settings -> Local Policies -> Security Options -> Network access: Allow anonymous SID/Name translation”. The check is performed by calling the function LsaQuerySecurityObject on the LSA policy handle.

Usage

<custom_item>
type: ANONYMOUS_SID_SETTING
description: ["description"]
value_type: [VALUE_TYPE]
value_data: [value]
(optional) check_type: [value]
</custom_item>

The allowed types are:

value_type: POLICY_SET
value_data: "Enabled" or "Disabled"

When using this audit, please note that this policy:

  • is a permission check on the LSA service
  • checks if the ANONYMOUS_USER has the flag POLICY_LOOKUP_NAMES set
  • is deprecated on Windows 2003 because an anonymous user cannot access the LSA pipe

Example

<custom_item>
type: ANONYMOUS_SID_SETTING
description: "Network access: Allow anonymous SID/Name translation"
value_type: POLICY_SET
value_data: "Disabled"
</custom_item>
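
The permission test described in the notes above, sketched as an added example (not Tenable's code). It assumes the LSA policy security descriptor has already been retrieved and rendered as an SDDL string; the sample descriptors, the function names and the choice to consider only ACEs that name ANONYMOUS LOGON directly are assumptions.

```python
import re

POLICY_LOOKUP_NAMES = 0x00000800   # LSA policy access right named on this page
ANONYMOUS = {"AN", "S-1-5-7"}      # SDDL alias and SID of ANONYMOUS LOGON

# Constructed sample descriptors (not captured from a real host).
HARDENED = "O:BAG:SYD:(A;;0xf1fff;;;BA)(A;;0x1;;;AN)"
PERMISSIVE = "O:BAG:SYD:(A;;0xf1fff;;;BA)(A;;0x801;;;S-1-5-7)"
DENY_FIRST = "O:BAG:SYD:(D;;0x800;;;AN)(A;;0x801;;;AN)"


def dacl_aces(sddl):
    """Yield (ace_type, access_mask, trustee) for each ACE in the D: section."""
    dacl = re.search(r"D:[A-Z_]*((?:\([^()]*\))*)", sddl)
    if dacl is None:
        raise ValueError("descriptor has no DACL section")
    for body in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = body.split(";")
        if len(fields) < 6:
            raise ValueError(f"malformed ACE: ({body})")
        # Assumption: rights are written as hex masks in the rendered SDDL.
        yield fields[0], int(fields[2], 16), fields[5].upper()


def anonymous_sid_setting(sddl):
    """Return "Enabled" if ANONYMOUS LOGON is granted POLICY_LOOKUP_NAMES."""
    for ace_type, mask, trustee in dacl_aces(sddl):
        if trustee not in ANONYMOUS or not mask & POLICY_LOOKUP_NAMES:
            continue
        # ACEs are evaluated in order: the first allow (A) or deny (D) entry
        # that covers the bit for this trustee decides the outcome.
        if ace_type == "A":
            return "Enabled"
        if ace_type == "D":
            return "Disabled"
    return "Disabled"


def audit(sddl, value_data):
    """Compare the derived state with the audit item's value_data."""
    actual = anonymous_sid_setting(sddl)
    return actual == value_data, actual


if __name__ == "__main__":
    for name in ("HARDENED", "PERMISSIVE", "DENY_FIRST"):
        passed, actual = audit(globals()[name], "Disabled")
        print(f"{name}: {actual} -> {'PASSED' if passed else 'FAILED'}")
```

With value_data: "Disabled", only the PERMISSIVE sample fails the audit, because its ACE for S-1-5-7 includes the 0x800 bit.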

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.