During a penetration test you established a null session to a Windows Server 2016 domain controller and enumerated the list of users with the command rpcclient -U "". In the after-action meeting, the system administrator asks how to block this technique while still permitting legitimate SMB file sharing. Which single configuration change is the most effective countermeasure?
Set the registry key HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous to 2 to block anonymous SID-to-name translation.
Disable NetBIOS over TCP/IP on all domain controller network interfaces.
Implement an account lockout policy that disables an account after three failed logon attempts.
Enable mandatory SMB packet signing on the domain controller.
Null session enumeration relies on the ability of an unauthenticated (anonymous) user to obtain information through the Server Message Block (SMB) and Remote Procedure Call (RPC) services. Setting the registry value HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous to 2 (often called "No access without explicit anonymous permissions") tells Windows to refuse anonymous SID-to-name lookups and other legacy null-session requests while still allowing authenticated SMB traffic. Disabling NetBIOS or forcing SMB signing can add security but will not, by itself, stop null sessions; anonymous users could still query over direct SMB or sign packets after establishing the session. An account-lockout policy mitigates password-guessing, not enumeration. Therefore, hardening anonymous access with RestrictAnonymous = 2 is the correct mitigation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a null session in Windows?
Open an interactive chat with Bash
Why does `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous` block null sessions?
Open an interactive chat with Bash
What is SMB packet signing and why doesn't it stop null sessions?
Open an interactive chat with Bash
What is null session enumeration?
Open an interactive chat with Bash
How does modifying `RestrictAnonymous` enhance security?
Open an interactive chat with Bash
Why is enabling mandatory SMB packet signing not effective against null sessions?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Reconnaissance Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .