Nessus is a bit more clever than most testing applications, so it's able to get around the "RestrictAnonymous=1" setting for most of the information. My understanding is that it uses what is called "SID Walking" to first get the SID of the machine, and then using that, it is able to walk through some list and get various information such as the accounts.
I did find another (stand-alone) SID Walking tool out there, but other than Nessus, that seems to be the only tool that checks it that way. So, you won't see the problem reported by ISS, etc. We submitted a Microsoft Premier Support issue on this topic, and they confirmed that there is no way to prevent what Nessus does on Windows NT. On Windows 2000 and up, it can be prevented with "RestrictAnonymous=2".

-----Original Message-----
From: Mink, Adrian (QB8692) [mailto:[EMAIL PROTECTED]]
Sent: Thursday 26 September 2002 10:23 AM
To: Nessus (E-mail)
Subject: Null session log in

Hello,

I am a bit confused about something. Nessus continually reports that null session login is allowed on my Windows boxes. However, I have set restrictanonymous=1 on these systems. Other tools, such as enum from razor.bindview.com, can no longer gain a null session. How is Nessus doing it?

Thanks!
Adrian

- [EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
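The thread's practical point is that RestrictAnonymous=1 only stops the naive null-session tools, while a SID-walking scanner such as Nessus still enumerates accounts, and that on Windows 2000 and later only RestrictAnonymous=2 closes that gap. The following PowerShell script is an added example, not something from the list thread or from Nessus: it reads the RestrictAnonymous DWORD under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, classifies the host according to the thread's findings, and offers a guarded remediation. The function names, the assessment wording and the -WhatIf workflow are my own; the registry path and value name are the standard ones for this setting.

```powershell
# Added example (not from the mailing-list thread): audit and, if desired,
# raise the RestrictAnonymous setting discussed above. Run from an elevated
# PowerShell session on a Windows 2000-or-later host. The thread notes that
# Windows NT 4.0 has no setting that stops SID walking, so this script does
# not help there.

function Get-RestrictAnonymousStatus {
    [CmdletBinding()]
    param(
        # Registry key holding the LSA anonymous-access settings.
        [string]$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    )

    $props = Get-ItemProperty -Path $LsaKey -ErrorAction Stop

    # A missing value behaves like 0 (no restriction on anonymous access).
    $value = if ($null -ne $props.RestrictAnonymous) { [int]$props.RestrictAnonymous } else { 0 }

    # Classification follows the thread: 1 defeats tools such as enum,
    # but SID walking still returns account names; 2 is needed to stop it.
    if ($value -ge 2) {
        $assessment = 'RestrictAnonymous=2: anonymous enumeration blocked, including SID walking'
    }
    elseif ($value -eq 1) {
        $assessment = 'RestrictAnonymous=1: naive null-session tools fail, but SID-walking scanners (e.g. Nessus) still enumerate accounts'
    }
    else {
        $assessment = 'RestrictAnonymous=0 or unset: null sessions can enumerate freely'
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        RestrictAnonymous = $value
        Mitigated         = ($value -ge 2)
        Assessment        = $assessment
    }
}

function Set-RestrictAnonymous {
    # Sets RestrictAnonymous (default 2). The change takes effect after a
    # reboot. Supports -WhatIf so the change can be previewed first; the
    # stricter value is known to interfere with some legacy behaviour such as
    # domain browsing, so test on a representative host before rolling out.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateSet(0, 1, 2)]
        [int]$Value = 2,
        [string]$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    )

    if ($PSCmdlet.ShouldProcess($LsaKey, "Set RestrictAnonymous=$Value")) {
        Set-ItemProperty -Path $LsaKey -Name RestrictAnonymous -Value $Value -Type DWord
    }
}

# Usage: report the current state, then preview the remediation.
Get-RestrictAnonymousStatus | Format-List
Set-RestrictAnonymous -Value 2 -WhatIf   # drop -WhatIf to apply, then reboot
```

Run the audit before and after a Nessus scan: a host reporting RestrictAnonymous=1 will still show the null-session finding, which is the behaviour the thread explains, while a host at 2 should no longer do so on Windows 2000 and later.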
