RestrictNullSessAccess and Your Server

The separately discussed restrictanonymous setting will interfere with file sharing, in your Windows Network, by preventing your server from being enumerated ("seen") by the browser. There are other settings, though, that can interfere with Windows Networking, in other ways.

The ability to allow / prevent unauthenticated clients, to access named shares, is one such setting. If your server provides share access thru Guest, whether in Simple File Sharing, or in Advanced File Sharing with Guest-only access, access to some or all shares can be blocked by this setting.

The RestrictNullSessAccess setting, which is a value in the registry key [HKLM\System\CurrentControlSet\Services\LanManServer\Parameters], was originally part of Windows NT, and before the concept of Guest authentication in Windows 2000 and XP. The default / undefined value is "0", which says "Do NOT restrict share access to unauthenticated (Guest) clients".

If set to "1", however, you can designate specific shares (and named pipes) which will override the setting and allow access. The registry value NullSessionShares, in the above key, will then contain a list of shares that may be accessed by unauthenticated (Guest) clients.

This setting, if incorrectly made, will override any ACL entries which authorise Guest access. If your server depends upon Guest authentication, and this setting is in place, you will have problems with providing access to any, or all shares on the server.

Attribution:Information about this setting was provided by Mike Brown. Thanks, Mike!

>> Top

0 comments: