Skip to main content

Browse the archive

Raw File
SV-88159.md 
---
scapolite:
    class: rule
    version: '0.51'
id: SV-88159
id_namespace: mil.disa.Windows-Server-2016-STIG
title: Insecure logons to an SMB server must be disabled.
rule: <see below>
description: <see below>
applicability:
  - system: org.scapolite.xccdf.applicability
    weight: 10.0
    selected: false
    role: ''
    severity: medium
implementations:
  - relative_id: F-79949r1
    description: <see below>
    automations:
      - system: org.scapolite.implementation.win_gpo
        ui_path: Computer Configuration\Administrative Templates\Network\Lanman Workstation\Enable
            insecure guest logons
        value: Disabled
        verification_status: Checked.
      - system: org.scapolite.implementation.windows_registry
        config: Computer
        registry_key: Software\Policies\Microsoft\Windows\LanmanWorkstation
        value_name: AllowInsecureGuestAuth
        action: DWORD:0
checks:
  - relative_id: C-73581r1
    description: <see below>
  - relative_id: '01'
    title: OVAL-based check
    description: <see below>
    automations:
      - system: http://oval.mitre.org/XMLSchema/oval-definitions-5
        idref: oval:mil.disa.stig.windows:def:1273
        href: U_MS_Windows_Server_2016_V1R7_STIG_SCAP_1-2_Benchmark-oval.xml
crossrefs:
  - system: http://iase.disa.mil/cci
    idref: CCI-000366
    relation: ''
history:
  - version: r1
    action: created
    description: WN16-CC-000080
    internal_comment: ''
---


## /rule

Insecure logons to an SMB server must be disabled.

## /description

[**VulnDiscussion**]{.separator type='STIG'}

Insecure guest logons allow unauthenticated access to shared folders. Shared resources on a system must require authentication to establish proper access.

[**Documentable**]{.separator type='STIG'}

false

## /implementations/0/description

Configure the policy value for Computer Configuration >> Administrative Templates >> Network >> Lanman Workstation >> "Enable insecure guest logons" to "Disabled".

## /checks/0/description

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation\

Value Name: AllowInsecureGuestAuth

Type: REG_DWORD
Value: 0x00000000 (0)

## /checks/1/description

IASE supplies an OVAL check.
back to top