none
Disabling Null Sessions via GPO

    Question

  • Good Day,

    I am currently trying to disable Null sessions at my company. I tried the configuration discuse at (https://social.technet.microsoft.com/Forums/windowsserver/en-US/841523db-8c4b-43a0-9f28-be7270f92e2b/disable-server-2008-null-sessions?forum=winservergen ) but when I do my c$ share stop working.

    Could some provide me with the step on how to disable null session entirely via GPO policy?

    Any assistance would be greatly appreciated.

    Regards,

    vik


    vicky ramphal

    Thursday, June 18, 2015 7:52 PM

Answers

  • Hi Vicky,

    Sorry for the late response. And yes, the command: net use \\host_name_or_IP_address\ipc$ "" "/user:" can be used to map/test the null sessions.

    The net command to map null sessions requires these parameters:

    • net followed by the use command

    • The IP address or hostname of the system to which you want to map a null connection

    • A blank password and username

    By the way, may I know what Dword value you set for the registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA key?

    You can check the article below to know more about disable the null sessions:

    http://www.dummies.com/how-to/content/null-session-attacks-and-how-to-avoid-them.html

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, July 01, 2015 3:30 AM
    Moderator

All replies

  • Hi Vicky,

    Thanks for your post. Would you please share with us your system versions?

    There's a thread which posted the same question just as yours, you can have a look if you like:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/e56374b4-6132-4aae-ab6b-349e5d355575/disable-null-sessions-on-domain-controllers-and-member-servers?forum=winserverGP

    If you didn't got the answer you want, feel free to post back here.

    Best Regrds,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 19, 2015 3:10 AM
    Moderator
  • Hi Elaine,

    Thanks for your response.

    We currently have windows server 2008 r2, 2003,2000 as well as window 7 and XP for our pc users  in our environment. when I  enable this -Network access: Named Pipes that can be accessed anonymously-  my C$ share stops working.

    My question is would the registry change recommended work in my environment and work with the later versions?

    Also is the net use \\pc\ipc$ "" /u:"" the correct command to test null sessions connections?

    thanks in advance

    Regards,

    vicky


    vicky ramphal

    Monday, June 22, 2015 1:53 PM
  • Hi Elaine

    Editing the registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA  didn't work in my environment. when we run this command  net use \\pc\ipc$ "" /u:"", the command was successful.

    what else could we try to disable all null sessions?

    thanks in advance

    Regards,

    vicky


    vicky ramphal

    Monday, June 22, 2015 2:01 PM
  • Hi Vicky,

    Sorry for the late response. And yes, the command: net use \\host_name_or_IP_address\ipc$ "" "/user:" can be used to map/test the null sessions.

    The net command to map null sessions requires these parameters:

    • net followed by the use command

    • The IP address or hostname of the system to which you want to map a null connection

    • A blank password and username

    By the way, may I know what Dword value you set for the registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA key?

    You can check the article below to know more about disable the null sessions:

    http://www.dummies.com/how-to/content/null-session-attacks-and-how-to-avoid-them.html

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, July 01, 2015 3:30 AM
    Moderator