Hey everyone! I'm preparing for an internal security audit and I need some advice on how to disable the auditor's ability to pull SAM accounts from our PCs, laptops, and servers. I want to make sure that I don't inadvertently cause issues for end-users or our servers. We have a mix of Windows Server systems ranging from 2008R2 to 2022 and clients running Windows 10 and 11. I was thinking about using Group Policy to adjust the setting for 'Network access: Do not allow anonymous enumeration of SAM accounts and shares.' I'd love to hear your thoughts on this and if there are any drawbacks I should be aware of!
3 Answers
Audits are meant to highlight areas where you're doing well or where improvements are needed rather than be a strict checklist. Don't feel pressured to implement extensive changes just because an audit is coming up. It's more about assessing your current state and making a plan based on their feedback.
You might want to reconsider relying solely on your 2008R2 servers for this audit. Auditors can easily work around that since they'll most likely get familiar with your network and find information through other means. Also, since your environment includes these older servers, be ready for some tough feedback during the audit.
One GPO won't be a magical solution. Make sure you document what you're doing with those older servers. Consider outlining your migration plans and any extra security measures you're taking. For security hardening, look into CIS benchmarks or Microsoft security baselines. Keep your documentation updated and ensure that your patching is effective – that's what auditors are looking for!
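As an added example (not from the original question or any of the answers), here is a PowerShell script that reports the registry values behind the "Network access: ..." security options the question proposes, alongside the related settings that CIS benchmarks and Microsoft security baselines typically set, and a null-session smoke test. It assumes an elevated session, WinRM reachability for remote targets, and that the host names in the usage comments are placeholders.

```powershell
# Added example, not part of the original thread.
# The policies live under: Computer Configuration > Windows Settings >
# Security Settings > Local Policies > Security Options. Whether set by GPO or
# locally, they are written to the registry values below, so reading those
# values shows the effective state on each machine.
# Assumptions: elevated session; remote hosts reachable over WinRM.

$SamPolicies = @(
    [pscustomobject]@{ Policy = 'Do not allow anonymous enumeration of SAM accounts'
                       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
                       Name = 'RestrictAnonymousSAM'; Expected = 1 }
    [pscustomobject]@{ Policy = 'Do not allow anonymous enumeration of SAM accounts and shares'
                       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
                       Name = 'RestrictAnonymous'; Expected = 1 }
    [pscustomobject]@{ Policy = 'Let Everyone permissions apply to anonymous users'
                       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
                       Name = 'EveryoneIncludesAnonymous'; Expected = 0 }
    [pscustomobject]@{ Policy = 'Restrict anonymous access to Named Pipes and Shares'
                       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
                       Name = 'RestrictNullSessAccess'; Expected = 1 }
)

# Runs on each target; read-only.
$probe = {
    param($policies)
    foreach ($p in $policies) {
        $item = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
        # $null = value not present, so the OS default applies (flagged as non-compliant
        # so that it shows up for review rather than being silently trusted)
        $current = if ($item) { $item.($p.Name) } else { $null }
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Policy    = $p.Policy
            Value     = $p.Name
            Current   = $current
            Expected  = $p.Expected
            Compliant = ($null -ne $current -and [int]$current -eq $p.Expected)
        }
    }
    # "Restrict clients allowed to make remote calls to SAM" (Windows 10 1607 /
    # Server 2016 and later) is an SDDL string, not a DWORD, and governs
    # *authenticated* remote SAM calls, which the anonymous-enumeration policies
    # above do not cover. Reported separately; absent means the OS default.
    $sam = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                            -Name 'RestrictRemoteSam' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Policy    = 'Restrict clients allowed to make remote calls to SAM'
        Value     = 'RestrictRemoteSam'
        Current   = if ($sam) { $sam.RestrictRemoteSam } else { $null }
        Expected  = 'SDDL granting RC to Administrators only, e.g. O:BAG:BAD:(A;;RC;;;BA)'
        Compliant = [bool]($sam -and $sam.RestrictRemoteSam)
    }
}

function Get-SamEnumerationHardening {
    [CmdletBinding()]
    param([string[]]$ComputerName)
    if (-not $ComputerName) {
        & $probe $SamPolicies          # local machine, no WinRM needed
    } else {
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $probe -ArgumentList (,$SamPolicies)
    }
}

function Test-NullSession {
    # Smoke test from the network side: can an anonymous (null) SMB session reach IPC$?
    # Connecting is only the first step; whether that session can then list users and
    # shares is what the RestrictAnonymous* values decide, so pair this with the report.
    param([Parameter(Mandatory)][string]$ComputerName)
    $env:NS_TARGET = $ComputerName
    # --% stops PowerShell parsing so the empty "" user/password reach net.exe intact;
    # %NS_TARGET% is still expanded. No pipes/redirects allowed after --%.
    $null = net.exe use --% \\%NS_TARGET%\IPC$ "" /user:""
    $connected = ($LASTEXITCODE -eq 0)
    if ($connected) { $null = net.exe use --% \\%NS_TARGET%\IPC$ /delete /y }
    [pscustomobject]@{ Computer = $ComputerName; NullSessionConnected = $connected }
}

# Usage (host names are placeholders):
# Get-SamEnumerationHardening | Format-Table Policy, Current, Expected, Compliant -AutoSize
# Get-SamEnumerationHardening -ComputerName 'FS01','WS-LAB07' | Where-Object { -not $_.Compliant }
# Test-NullSession -ComputerName 'FS01'
```

Run the report before linking the GPO to get a baseline, then again after `gpupdate /force` on a pilot OU; `secedit /export /cfg <file>` lists the same values under `[Registry Values]` if you need evidence in a form auditors recognise. Pilot the change on a test OU before domain controllers and any hosts that serve legacy clients, since `RestrictAnonymous = 1` is the setting in this group with the most compatibility history.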
