Users enumerated through a null session

Risk Level: Medium

Check or Attack Name: Users - null session

Platforms: Windows NT

Description:

Users were enumerated through a null session. Account names may be acquired, providing the foundation for a brute force attack.

Remedy:

Apply the latest Windows NT 4.0 Service Pack (systems running Windows NT 4.0 Service Pack 2 (SP2) must instead apply the sec-fix hotfix), then regulate anonymous access to the NT registry.

To apply the latest Windows NT 4.0 Service Pack, follow these steps:

  1. Open a web browser.
  2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/ and follow the directions to download the appropriate service pack for your computer.
  3. Find the installation program you downloaded to your computer.
  4. Double-click the program icon to start the installation.
  5. Follow the installation directions.

—OR—

To apply sec-fix, follow these steps:

  1. From the Windows NT Start menu, select Run.
  2. Type ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP2/sec-fix/ and click OK.
  3. View README.TXT for version and execution.

—AND—

To regulate access to the NT registry, follow these steps:

  1. Open Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA.
  3. From the Edit menu, select Add Value to display the Add Value dialog box. Use the following entries:

     Value Name: RestrictAnonymous
     Data Type: REG_DWORD
     Value: 1

  4. Reboot the system to apply the changes.

Warning: The winreg key will not be present if Service Pack 3 is not installed. Resetting the Registry entries is only effective after applying the patch and Service Pack 3. For more information, see Microsoft Knowledge Base Article Q155363.
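The registry remedy above can be audited and applied from a script rather than by hand in regedt32. The following PowerShell is an added example written for this page, not code from the advisory or its vendor; it assumes a Windows host that has PowerShell and administrative rights (NT 4.0 itself has no PowerShell), and it uses only the value name and location the remedy gives (HKLM\SYSTEM\CurrentControlSet\Control\Lsa, RestrictAnonymous = 1). The function names are the author's own choice.

```powershell
# Added example: audit, and optionally remediate, the RestrictAnonymous value
# described in the remedy. Assumes PowerShell on Windows with admin rights;
# the key path and value name are those given on the page. Function names
# are hypothetical (chosen for this example).

$LsaPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'RestrictAnonymous'
$Remediate = $false   # set to $true to apply the fix instead of only reporting

function Get-RestrictAnonymousStatus {
    # Read the value without throwing when it is absent. The page warns that
    # the key may be missing on pre-SP3 systems; an absent value means the
    # default applies and anonymous enumeration is still allowed.
    $item = Get-ItemProperty -Path $LsaPath -Name $ValueName -ErrorAction SilentlyContinue
    $current = if ($null -eq $item) { $null } else { $item.$ValueName }

    [pscustomobject]@{
        Path      = $LsaPath
        ValueName = $ValueName
        Current   = $current
        Compliant = ($null -ne $current -and [int]$current -ge 1)
    }
}

function Set-RestrictAnonymous {
    param([int]$Value = 1)   # 1 is the setting the remedy requires

    if (-not (Test-Path $LsaPath)) {
        throw "Registry key $LsaPath not found; verify the service pack level before proceeding."
    }

    # New-ItemProperty -Force creates the DWORD value or overwrites an existing one.
    New-ItemProperty -Path $LsaPath -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
    Write-Warning "$ValueName set to $Value. Reboot for the change to take effect (see remedy step 4)."
    Get-RestrictAnonymousStatus
}

# Usage: audit first; remediate only when non-compliant and explicitly requested.
$status = Get-RestrictAnonymousStatus
$status | Format-List
if (-not $status.Compliant -and $Remediate) {
    Set-RestrictAnonymous -Value 1
}
```

Running the script as-is only reports the current state; flipping `$Remediate` to `$true` writes the value, after which the reboot the remedy calls for is still required. As the warning above notes, the setting has no effect unless the corresponding service pack or hotfix is already installed, so the audit result should be read together with the system's patch level.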
