1 <samba:parameter name="restrict anonymous"
4 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
7 The setting of this parameter determines whether SAMR and LSA
8 DCERPC services can be accessed anonymously. This corresponds
9 to the following Windows Server registry options:
13 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous
17 The option also affects the browse option which is required by
18 legacy clients which rely on Netbios browsing. While modern
19 Windows version should be fine with restricting the access
20 there could still be applications relying on anonymous access.
24 Setting <smbconfoption name="restrict anonymous">1</smbconfoption>
25 will disable anonymous SAMR access.
29 Setting <smbconfoption name="restrict anonymous">2</smbconfoption>
30 will, in addition to restricting SAMR access, disallow anonymous
31 connections to the IPC$ share in general.
32 Setting <smbconfoption name="guest ok">yes</smbconfoption> on any share
33 will remove the security advantage.
37 <value type="default">0</value>